Palo_altoVULNRICHMENT:CVE-2024-3387CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
ADP Affected
[
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*"
],
"vendor": "paloaltonetworks",
"product": "pan-os",
"versions": [
{
"status": "affected",
"version": "10.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
],
"vendor": "paloaltonetworks",
"product": "pan-os",
"versions": [
{
"status": "affected",
"version": "10.1.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*"
],
"vendor": "paloaltonetworks",
"product": "pan-os",
"versions": [
{
"status": "affected",
"version": "11.0.0"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial