Improper Certificate Validation Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2024-5918
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Cloud Ngfw
- Pan-os
- Prisma Access
- Vendor
- CVE Published:
- 14 November 2024
Badges
👾 Exploit Exists
Summary
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
Affected Version(s)
Cloud NGFW >= All
PAN-OS >= 11.2.0
PAN-OS >= 11.1.0
Refferences
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database