Palo Alto Networks GlobalProtect Vulnerability: Impersonation of Authenticated Users
CVE-2024-8691
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 11 September 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
Affected Version(s)
PAN-OS < 9.1.17
PAN-OS < 10.1.11
PAN-OS >= 10.2.0
Timeline
Initial publication
Vulnerability Reserved.
Vulnerability published.
- 👾
Exploit exists.
Collectors
NVD DatabaseMitre Database
Credit
Claudiu Pancotan