CVE-2024-0009

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.

CVSS v3.0 6.3 MEDIUM

6.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-0009	Vendor Advisory
https://security.paloaltonetworks.com/CVE-2024-0009	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h4::::::

Configuration 2 (hide)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

History

09 Dec 2024, 15:13

Type	Values Removed	Values Added
First Time		Paloaltonetworks Paloaltonetworks pan-os
CWE		CWE-346
CPE		cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h4::::::
References	~~() https://security.paloaltonetworks.com/CVE-2024-0009 -~~	() https://security.paloaltonetworks.com/CVE-2024-0009 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.3

14 Feb 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-14 18:15

Updated : 2024-12-09 15:13

NVD link : CVE-2024-0009

Mitre link : CVE-2024-0009

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-346

Origin Validation Error

6.3 /10