CVE-2024-3388

PAN-OS: User Impersonation in GlobalProtect SSL VPN

CVSS 4.1 MEDIUMEPSS 0.3%CWE-269 CWE-863

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Apr 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected products

Palo Alto Networks · Cloud NGFW Palo Alto Networks · PAN-OS Palo Alto Networks · Prisma Access

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2024-3388