GlobalProtect Information Exposure Vulnerability
CVE-2024-8687

7.1HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Pan-os; Globalprotect App; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 11 September 2024

🔔 Create Palo Alto Networks Vulnerability Alert

What is CVE-2024-8687?

An information exposure vulnerability has been identified within Palo Alto Networks' PAN-OS software that allows a GlobalProtect end user to gain access to sensitive security credentials. This flaw permits the user to retrieve both the GlobalProtect uninstall password and the disable or disconnect passcode. With this information, users can potentially uninstall, disable, or disconnect the GlobalProtect VPN application, bypassing the intended application security settings that would usually prevent such actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GlobalProtect App 5.1.0 < 5.1.12

GlobalProtect App 5.2.0 < 5.2.13

GlobalProtect App 6.0.0 < 6.0.7

References

https://security.paloaltonetworks.com/CVE-2024-8687

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Sep 11, 2024

Credit

Claudiu Pancotan

JSON

Palo Alto Networks