Lucene search

[email protected]NVD:CVE-2024-2433

HistoryMar 13, 2024 - 6:15 p.m.

CVE-2024-2433

2024-03-1318:15:08

CWE-269

[email protected]

web.nvd.nist.gov

cve-2024-2433

palo alto networks

panorama software

improper authorization

authenticated admin

upload files

disk partition

web interface access

management plane

dataplane unaffected

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.

This issue affects only the web interface of the management plane; the dataplane is unaffected.

References

security.paloaltonetworks.com/CVE-2024-2433

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-2433

nessus1 cvelist1 paloalto1 cve1