Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2433

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

Published

2024-03-13T18:15:08.893

Last Modified

2026-01-30T20:58:17.900

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	paloaltonetworks	pan-os	< 9.0.17	Yes
Operating System	paloaltonetworks	pan-os	< 9.1.17	Yes
Operating System	paloaltonetworks	pan-os	< 10.1.12	Yes
Operating System	paloaltonetworks	pan-os	< 10.2.8	Yes
Operating System	paloaltonetworks	pan-os	< 11.0.3	Yes
Operating System	paloaltonetworks	pan-os	9.0.17	Yes
Operating System	paloaltonetworks	pan-os	9.0.17	Yes

References

https://security.paloaltonetworks.com/CVE-2024-2433 Vendor Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2024-2433 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)