Lucene search
Palo Alto Networks Product Security Incident Response TeamPA-CVE-2024-0009HistoryFeb 14, 2024 - 5:00 p.m.
PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
2024-02-1417:00:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
2
palo alto networks
globalprotect
vpn
vulnerability
ip address
stolen credentials
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.7
Confidence
Low
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Work around:
No work around available.
Affected configurations
Node
softwarepan-osRange<10.2.4
ORsoftwarepan-osRange<11.0.1
Related
prion
prion
Input validation
2024-02-14 18:15:00
cve
cve
CVE-2024-0009
2024-02-14 18:15:47
cvelist
cvelist
nvd
nvd
CVE-2024-0009
2024-02-14 18:15:47
nessus
nessus
Palo Alto Networks PAN-OS 10.2.x < 10.2.4 / 11.0.x < 11.0.1 Vulnerability
2024-02-15 00:00:00
vulnrichment
vulnrichment
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.7
Confidence
Low
Related for PA-CVE-2024-0009