Improper Neutralization of Matching Symbols Vulnerability in Palo Alto Networks PAN-OS CLI

CVE-2024-8688

4.4MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 11 September 2024

Badges

👾 Exploit Exists

Summary

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.

Affected Version(s)

PAN-OS < 9.1.15

PAN-OS < 10.0.10

PAN-OS < 10.1.1

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Initial publication
Sep 11, 2024
Vulnerability Reserved.
Sep 11, 2024
Vulnerability published.
Sep 11, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database

Credit

Matei "Mal" Badanoiu of Deloitte

Martin Smid of Palo Alto Networks