CVE-2024-3387

EUVD-2024-31976
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
palo_altoCNA
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
10.1.0 ≤
𝑥
< 10.1.12
paloaltonetworkspan-os
10.2.0 ≤
𝑥
< 10.2.7
paloaltonetworkspan-os
11.0.0 ≤
𝑥
< 11.0.4
paloaltonetworkspan-os
10.2.7:h1
paloaltonetworkspan-os
10.2.7:h2
paloaltonetworkspan-os
10.2.7:h3
paloaltonetworkspan-os
10.2.7:h4
paloaltonetworkspan-os
10.2.7:h5
paloaltonetworkspan-os
10.2.7:h6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2024-3387
https://security.paloaltonetworks.com/CVE-2024-3387