Main Vulnerability Database SB2024021526

SB2024021526 - Insufficient Session Expiration in Palo Alto PAN-OS

Published: February 15, 2024

Security Bulletin ID SB2024021526

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient Session Expiration (CVE-ID: CVE-2024-0008)

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue in the management interface. An attacker with physical access can obtain or guess session token and gain unauthorized access to session that belongs to another user.

Remediation

Install update from vendor's website.

References

https://security.paloaltonetworks.com/CVE-2024-0008