Main Vulnerability Database Vulnerabilities #VU86541

Insufficient Session Expiration in Palo Alto PAN-OS - CVE-2024-0008

Published: February 15, 2024

Vulnerability identifier: #VU86541

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-0008

CWE-ID: CWE-613

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Palo Alto Networks, Inc.

Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue in the management interface. An attacker with physical access can obtain or guess session token and gain unauthorized access to session that belongs to another user.

How to mitigate CVE-2024-0008

Install updates from vendor's website.

Sources

https://security.paloaltonetworks.com/CVE-2024-0008

Insufficient Session Expiration in Palo Alto PAN-OS - CVE-2024-0008

Detailed vulnerability description

How to mitigate CVE-2024-0008

Sources

Please verify you're human