#VU97164 Improper neutralization of wildcards or matching symbols in Palo Alto PAN-OS - CVE-2024-8688


Vulnerability identifier: #VU97164

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-8688

CWE-ID: CWE-155

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor: Palo Alto Networks, Inc.

Description
undefined

Mitigation
Install update from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 9.1 - 9.1.14, 10.0 - 10.0.9, 10.1 - 10.1.0

External links
https://security.paloaltonetworks.com/CVE-2024-8688

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Palo Alto PAN-OS