Lucene search
Palo_altoCVELIST:CVE-2024-0008HistoryFeb 14, 2024 - 5:32 p.m.
CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
2024-02-1417:32:17
CWE-613
palo_alto
www.cve.org
5
cve-2024-0008
pan-os
session expiration
web interface
vulnerability
unauthorized access
CVSS3
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "9.0.17-h2",
"status": "unaffected"
}
],
"lessThan": "9.0.17-h2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.0.18",
"status": "unaffected"
}
],
"lessThan": "9.0.18",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.1.17",
"status": "unaffected"
}
],
"lessThan": "9.1.17",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.0.12-h1",
"status": "unaffected"
}
],
"lessThan": "10.0.12-h1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.0.13",
"status": "unaffected"
}
],
"lessThan": "10.0.13",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.10-h1",
"status": "unaffected"
}
],
"lessThan": "10.1.10-h1",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.11",
"status": "unaffected"
}
],
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.5",
"status": "unaffected"
}
],
"lessThan": "10.2.5",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.2",
"status": "unaffected"
}
],
"lessThan": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "unaffected",
"version": "11.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
]Related
paloalto
paloalto
PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
2024-02-14 17:00:00
prion
prion
Design/Logic Flaw
2024-02-14 18:15:00
nessus
nessus
nvd
nvd
CVE-2024-0008
2024-02-14 18:15:47
cve
cve
CVE-2024-0008
2024-02-14 18:15:47
ics
ics
Siemens RUGGEDCOM APE1808
2024-04-11 12:00:00
CVSS3
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-0008