GlobalProtect Information Exposure Vulnerability

CVE-2024-8687

7.1HIGH

Key Information

Status
Pan-os
Globalprotect App
Cloud Ngfw
Prisma Access
Vendor
CVE Published:
11 September 2024

Badges

đź‘ľ Exploit Exists

Summary

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Affected Version(s)

PAN-OS >= 11.1.0

PAN-OS >= 11.2.0

PAN-OS < 11.0.1

Refferences

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Claudiu Pancotan
.