SB2024021526 - Insufficient Session Expiration in Palo Alto PAN-OS
Published: February 15, 2024
Security Bulletin ID
SB2024021526
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient Session Expiration (CVE-ID: CVE-2024-0008)
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue in the management interface. An attacker with physical access can obtain or guess session token and gain unauthorized access to session that belongs to another user.
Remediation
Install update from vendor's website.