GlobalProtect Information Exposure Vulnerability

CVE-2024-8687

7.1HIGH

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Globalprotect App; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 11 September 2024

Badges

👾 Exploit Exists

Summary

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Affected Version(s)

PAN-OS >= 11.1.0

PAN-OS >= 11.2.0

PAN-OS < 11.0.1

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Initial publication
Sep 11, 2024
Vulnerability Reserved.
Sep 11, 2024
Vulnerability published.
Sep 11, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database

Credit

Claudiu Pancotan