Main Vulnerability Database Vulnerabilities #VU100606

#VU100606 Improper certificate validation in Palo Alto PAN-OS - CVE-2024-5918

Published: November 19, 2024

Vulnerability identifier: #VU100606

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-5918

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Palo Alto PAN-OS

Software vendor:
Palo Alto Networks, Inc.

Description

The vulnerability allows a remote user to impersonate other users.

The vulnerability exists due to improper certificate validation. A remote authenticated user can use a specially crafted certificate to impersonate other users.

The vulnerability affects systems with enabled option "Allow Authentication with User Credentials OR Client Certificate".

Remediation

Install updates from vendor's website.

External links

https://security.paloaltonetworks.com/CVE-2024-5918

#VU100606 Improper certificate validation in Palo Alto PAN-OS - CVE-2024-5918

Description

Remediation

External links

Please verify you're human