Palo_altoVULNRICHMENT:CVE-2024-0009CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
CNA Affected
[
{
"vendor": "Palo Alto Networks",
"product": "PAN-OS",
"versions": [
{
"status": "unaffected",
"version": "9.0"
},
{
"status": "unaffected",
"version": "9.1"
},
{
"status": "unaffected",
"version": "10.1"
},
{
"status": "affected",
"changes": [
{
"at": "10.2.4",
"status": "unaffected"
}
],
"version": "10.2",
"lessThan": "10.2.4",
"versionType": "custom"
},
{
"status": "affected",
"changes": [
{
"at": "11.0.1",
"status": "unaffected"
}
],
"version": "11.0",
"lessThan": "11.0.1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.1"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Palo Alto Networks",
"product": "Prisma Access",
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Palo Alto Networks",
"product": "Cloud NGFW",
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial