CVE-2024-3386

EUVD-2024-31975
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
9.0.0 ≤
𝑥
< 9.0.16
paloaltonetworkspan-os
9.1.0 ≤
𝑥
< 9.1.17
paloaltonetworkspan-os
10.0.0 ≤
𝑥
< 10.0.13
paloaltonetworkspan-os
10.1.0 ≤
𝑥
≤ 10.1.8
paloaltonetworkspan-os
10.2.0 ≤
𝑥
< 10.2.4
paloaltonetworkspan-os
11.0.0 ≤
𝑥
< 11.0.1
paloaltonetworkspan-os
9.0.17
paloaltonetworkspan-os
9.0.17:h1
paloaltonetworkspan-os
10.1.9
paloaltonetworkspan-os
10.1.9:h1
paloaltonetworkspan-os
10.2.4
paloaltonetworkspan-os
11.0.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
palo_alto_networkscloud_ngfw
𝑥
< *
ADP
palo_alto_networksprisma_access
𝑥
< *
ADP
palo_alto_networkspan-os
9.0.0 ≤
𝑥
< 9.0.17-h2
ADP
palo_alto_networkspan-os
9.1.0 ≤
𝑥
< 9.1.17
ADP
palo_alto_networkspan-os
10.0.00 ≤
𝑥
< 10.0.13
ADP
palo_alto_networkspan-os
10.1.0 ≤
𝑥
< 10.1.9-h3
ADP
palo_alto_networkspan-os
10.1.0 ≤
𝑥
< 10.1.10
ADP
palo_alto_networkspan-os
10.2.0 ≤
𝑥
< 10.2.4-h2
ADP
palo_alto_networkspan-os
10.2.0 ≤
𝑥
< 10.2.5
ADP
palo_alto_networkspan-os
11.0.0 ≤
𝑥
< 11.0.1-h2
ADP
palo_alto_networkspan-os
11.0.0 ≤
𝑥
< 11.0.2
ADP
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2024-3386
https://security.paloaltonetworks.com/CVE-2024-3386