Lucene search

[email protected]CVE-2024-2433

HistoryMar 13, 2024 - 6:15 p.m.

CVE-2024-2433

2024-03-1318:15:08

CWE-269

[email protected]

web.nvd.nist.gov

palo alto networks

panorama software

cve-2024-2433

improper authorization vulnerability

disk partition

download issues

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.

This issue affects only the web interface of the management plane; the dataplane is unaffected.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Panorama"
    ],
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "9.0.17-h4",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.17-h4",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.17",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.17",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.12",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.12",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.2.8",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.2.8",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.0.3",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.3",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "11.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2024-2433

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-2433

nvd1 nessus1 paloalto1 cvelist1