CVE-2024-8687

PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes

CVSS 6.9 MEDIUMEPSS 0.4%CWE-497

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.9EPSS 0.4%KEV nãoPoC —Patch —

Ciclo de vida

11 set 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

Produtos afetados

Palo Alto Networks · Cloud NGFW Palo Alto Networks · GlobalProtect App Palo Alto Networks · PAN-OS Palo Alto Networks · Prisma Access

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://security.paloaltonetworks.com/CVE-2024-8687