CVE-2024-3387

PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure

CVSS 5.3 MEDIUMEPSS 0.2%CWE-326

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 abr 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Productos afectados

Palo Alto Networks · Cloud NGFW Palo Alto Networks · PAN-OS Palo Alto Networks · Prisma Access

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.paloaltonetworks.com/CVE-2024-3387