Lucene search

Palo Alto Networks Product Security Incident Response TeamPA-CVE-2024-3386

HistoryApr 10, 2024 - 4:00 p.m.

PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

2024-04-1016:00:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

decryption exclusions

string comparison

traffic exclusion

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

JSON

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.

Work around:
No work around available.

Affected configurations

Vulners

Node

softwarepan-osRange<9.0.17-h2

softwarepan-osRange<9.1.17

softwarepan-osRange<10.0.13

softwarepan-osRange<10.1.9-h3

softwarepan-osRange<10.1.10

softwarepan-osRange<10.2.4-h2

softwarepan-osRange<10.2.5

softwarepan-osRange<11.0.1-h2

softwarepan-osRange<11.0.2

VendorProductVersionCPE
softwarepan-os*cpe:2.3:a:software:pan-os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
software	pan-os	*	cpe:2.3:a:software:pan-os::::::::

References

security.paloaltonetworks.com/CVE-2024-3386

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

JSON

Related for PA-CVE-2024-3386