CVE-2024-3383

🗓️ 10 Apr 2024 17:06:15Reported by palo_altoType

A vulnerability in Palo Alto Networks PAN-OS software allows modification of User-ID groups impacting user access to network resources

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-3383	10 Apr 202420:08	–	circl
CNNVD	Palo Alto Networks PAN-OS 安全漏洞	10 Apr 202400:00	–	cnnvd
CNVD	Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2024-20503)	15 Apr 202400:00	–	cnvd
Cvelist	CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)	10 Apr 202417:06	–	cvelist
EUVD	EUVD-2024-31972	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Palo Alto PAN OS	12 Apr 202400:00	–	ncsc
NVD	CVE-2024-3383	10 Apr 202417:15	–	nvd
OSV	CVE-2024-3383	10 Apr 202417:15	–	osv
Palo Alto Networks	PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)	10 Apr 202416:00	–	paloalto
Tenable Nessus	Palo Alto Networks PAN-OS 10.1.x < 10.1.11 / 10.2.x < 10.2.5 / 11.0.x < 11.0.3 Vulnerability	10 Apr 202400:00	–	nessus

NVD

Vulners

Node

paloaltonetworks pan-osRange10.1.0–10.1.11

paloaltonetworks pan-osRange10.2.0–10.2.5

paloaltonetworks pan-osRange11.0.0–11.0.3

[
  {
    "defaultStatus": "unaffected",
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "11.1.0"
      },
      {
        "changes": [
          {
            "at": "11.0.3",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.3",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.2.5",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.2.5",
        "status": "affected",
        "version": "10.2.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.11",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.11",
        "status": "affected",
        "version": "10.1.0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "9.1.0"
      },
      {
        "status": "unaffected",
        "version": "9.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2024-3383

24 Jan 2025 15:29Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.4 - 9.1

EPSS0.00249

SSVC

CWE-282