CVE-2024-3388: PAN-OS: User Impersonation in GlobalProtect SSL VPN

First published: Wed Apr 10 2024(Updated: )

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

Credit: psirt@paloaltonetworks.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/references
• agent/remedy
• agent/type
• agent/description
• agent/first-publish-date
• agent/severity
• agent/author
• agent/event
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/source
• agent/guess-ai
• agent/software-canonical-lookup
• agent/softwarecombine
• agent/tags
• collector/nvd-api
• source/NVD
• vendor/paloaltonetworks
• canonical/paloaltonetworks pan-os
• version/paloaltonetworks pan-os/8.1.0
• version/paloaltonetworks pan-os/9.0.0
• version/paloaltonetworks pan-os/9.1.0
• version/paloaltonetworks pan-os/10.1.0
• version/paloaltonetworks pan-os/10.2.0
• version/paloaltonetworks pan-os/11.0.0
• version/paloaltonetworks pan-os/9.0.17
• version/paloaltonetworks pan-os/9.0.17-h1
• version/paloaltonetworks pan-os/10.1.11
• version/paloaltonetworks pan-os/10.1.11-h1
• version/paloaltonetworks pan-os/10.1.11-h3
• version/paloaltonetworks pan-os/10.2.7
• version/paloaltonetworks pan-os/10.2.7-h1
• canonical/paloaltonetworks prisma access