Attacker can impersonate another user and send network packets to internal assets
CVE-2024-3388

4.1MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 10 April 2024

Summary

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

Affected Version(s)

PAN-OS 8.1.0 < 8.1.26

PAN-OS 9.0.0 < 9.0.17-h4

PAN-OS 9.1.0 < 9.1.17

References

https://security.paloaltonetworks.com/CVE-2024-3388

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 5, 2024

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Ta-Lun Yen of TXOne Networks for discovering and reporting this issue.