Multiple vulnerabilities in Palo Alto PAN-OS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-8691 CVE-2024-8688 CVE-2024-8686 |
| CWE-ID | CWE-863 CWE-155 CWE-78 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Palo Alto PAN-OS Operating systems & Components / Operating system |
| Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Incorrect authorization
EUVDB-ID: #VU97165
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-8691
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to impersonate other users.
The vulnerability exists due to improper authorization in the GlobalProtect portal. A remote user can impersonate other GlobalProtect users.
Install updates from vendor's website.
Vulnerable software versionsPalo Alto PAN-OS: 9-1-16-h3 - 10.1.11-h4
CPE2.3- cpe:2.3:o:palo_alto_networks:pan-os:9-1-16-h3:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.2-h1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.3-h1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.5:*:*:*:*:*:*:*
https://security.paloaltonetworks.com/CVE-2024-8691
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper neutralization of wildcards or matching symbols
EUVDB-ID: #VU97164
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-8688
CWE-ID:
CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Exploit availability: No
Descriptionundefined
MitigationInstall update from vendor's website.
Vulnerable software versionsPalo Alto PAN-OS: 9.1 - 10.1.0
CPE2.3- cpe:2.3:o:palo_alto_networks:pan-os:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.2-h1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.3-h1:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.6:*:*:*:*:*:*:*
https://security.paloaltonetworks.com/CVE-2024-8688
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) OS Command Injection
EUVDB-ID: #VU97163
Risk: Low
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-8686
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote authenticated administrator can bypass implemented security restrictions and run arbitrary commands as root on the firewall.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPalo Alto PAN-OS: 11.2.2
CPE2.3 External linkshttps://security.paloaltonetworks.com/CVE-2024-8686
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
