Palo Alto Networks PAN-OS Vulnerability: Modification of User-ID Groups
CVE-2024-3383
7.4HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 10 April 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
Affected Version(s)
PAN-OS >= 11.1.0
PAN-OS < 11.0.3
PAN-OS < 10.2.5
Refferences
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue.