Attacker can impersonate another user and send network packets to internal assets

CVE-2024-3388

4.1MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 10 April 2024

Summary

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

Affected Version(s)

PAN-OS < 8.1.26

PAN-OS < 9.0.17-h4

PAN-OS < 9.1.17

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Initial publication
Apr 10, 2024
Vulnerability published.
Apr 10, 2024
Vulnerability Reserved.
Apr 5, 2024

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Ta-Lun Yen of TXOne Networks for discovering and reporting this issue.