Unauthorized Access Vulnerability in PAN-OS Software

CVE-2024-0008

8.8HIGH

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access; Cloud Ngfw
Vendor: CVE Published:; 14 February 2024

Badges

👾 Exploit Exists

Summary

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

Affected Version(s)

PAN-OS < 9.0.17-h2

PAN-OS < 9.0.18

PAN-OS < 9.1.17

Refferences

https://security.paloaltonetworks.com/CVE-2024-0008

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 1, 2024
Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Nov 9, 2023

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Brian Yaklin for discovering and reporting this issue.