CVE-2024-0009
14.02.2024, 18:15
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.Enginsight
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 11.0.0 |
| paloaltonetworks | pan-os | 11.0.0:h1 |
| paloaltonetworks | pan-os | 11.0.0:h2 |
| paloaltonetworks | pan-os | 11.0.0:h3 |
| paloaltonetworks | pan-os | 11.0.0:h4 |
| paloaltonetworks | pan-os | 10.2.0 ≤ 𝑥 < 10.2.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-940 - Improper Verification of Source of a Communication ChannelThe software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
- CWE-346 - Origin Validation ErrorThe software does not properly verify that the source of data or communication is valid.