vulnrichment / Palo_alto / VULNRICHMENT:CVE-2024-8691
History: Sep 11, 2024 - 4:43 p.m.

CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal

2024-09-11 16:43:30
CWE-863
palo_alto
github.com
cve-2024-8691
pan-os
globalprotect
user impersonation
vulnerability

CVSS4: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L/AU:Y/U:Amber/R:A/V:D/RE:M

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 9.6%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
