CVE-2024-3388: PAN-OS: User Impersonation in GlobalProtect SSL VPN
First published: Wed Apr 10 2024(Updated: )
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto PAN-OS | ||
| Palo Alto Networks PAN-OS | >=8.1.0<8.1.26 | |
| Palo Alto Networks PAN-OS | >=9.0.0<9.0.17 | |
| Palo Alto Networks PAN-OS | >=9.1.0<9.1.17 | |
| Palo Alto Networks PAN-OS | >=10.1.0<10.1.11 | |
| Palo Alto Networks PAN-OS | >=10.2.0<10.2.7 | |
| Palo Alto Networks PAN-OS | >=11.0.0<11.0.3 | |
| Palo Alto Networks PAN-OS | =9.0.17 | |
| Palo Alto Networks PAN-OS | =9.0.17-h1 | |
| Palo Alto Networks PAN-OS | =10.1.11 | |
| Palo Alto Networks PAN-OS | =10.1.11-h1 | |
| Palo Alto Networks PAN-OS | =10.1.11-h3 | |
| Palo Alto Networks PAN-OS | =10.2.7 | |
| Palo Alto Networks PAN-OS | =10.2.7-h1 | |
| Palo Alto Networks Prisma Access |
Remedy
This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3388?
CVE-2024-3388 is considered a high severity vulnerability due to its potential for user impersonation.
Who is affected by CVE-2024-3388?
CVE-2024-3388 affects various versions of Palo Alto Networks PAN-OS, specifically versions 8.1.0 to 8.1.26, 9.0.0 to 9.0.17, 9.1.0 to 9.1.17, 10.1.0 to 10.1.11, 10.2.0 to 10.2.7, and 11.0.0 to 11.0.3.
How do I fix CVE-2024-3388?
To fix CVE-2024-3388, upgrade your PAN-OS software to a version not affected by the vulnerability.
What type of attack does CVE-2024-3388 enable?
CVE-2024-3388 enables an authenticated attacker to impersonate another user and send network packets to internal network assets.
Can an attacker exploit CVE-2024-3388 remotely?
No, CVE-2024-3388 requires authentication to exploit, limiting attackers to those who already have user credentials.
- agent/weakness
- agent/title
- agent/references
- agent/remedy
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/severity
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/palo alto networks
- canonical/palo alto pan-os
- vendor/paloaltonetworks
- canonical/palo alto networks pan-os
- version/palo alto networks pan-os/8.1.0
- version/palo alto networks pan-os/9.0.0
- version/palo alto networks pan-os/9.1.0
- version/palo alto networks pan-os/10.1.0
- version/palo alto networks pan-os/10.2.0
- version/palo alto networks pan-os/11.0.0
- version/palo alto networks pan-os/9.0.17
- version/palo alto networks pan-os/9.0.17-h1
- version/palo alto networks pan-os/10.1.11
- version/palo alto networks pan-os/10.1.11-h1
- version/palo alto networks pan-os/10.1.11-h3
- version/palo alto networks pan-os/10.2.7
- version/palo alto networks pan-os/10.2.7-h1
- canonical/palo alto networks prisma access