Palo Alto Networks GlobalProtect Vulnerability: Impersonation of Authenticated Users
CVE-2024-8691
7.1HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 11 September 2024
Badges
đź‘ľ Exploit Exists
Summary
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
Affected Version(s)
PAN-OS < 9.1.17
PAN-OS < 10.1.11
PAN-OS >= 10.2.0
Refferences
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Claudiu Pancotan