Improper Authorization Vulnerability in Palo Alto Networks Panorama Software
CVE-2024-2433
4.3MEDIUM
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 13 March 2024
Badges
👾 Exploit Exists📰 News Worthy
Summary
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.
This issue affects only the web interface of the management plane; the dataplane is unaffected.
Affected Version(s)
PAN-OS < 9.0.17-h4
PAN-OS < 9.1.17
PAN-OS < 10.1.12
News Articles
Refferences
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
First article discovered by Rewterz
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database1 News Article(s)
Credit
Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue.