Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3388

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

Published

2024-04-10T17:15:57.970

Last Modified

2025-01-24T16:16:18.310

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269
CWE-863
Type: Primary
CWE-269
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	paloaltonetworks	pan-os	< 8.1.26	Yes
Operating System	paloaltonetworks	pan-os	< 9.0.17	Yes
Operating System	paloaltonetworks	pan-os	< 9.1.17	Yes
Operating System	paloaltonetworks	pan-os	< 10.1.11	Yes
Operating System	paloaltonetworks	pan-os	< 10.2.7	Yes
Operating System	paloaltonetworks	pan-os	< 11.0.3	Yes
Operating System	paloaltonetworks	pan-os	9.0.17	Yes
Operating System	paloaltonetworks	pan-os	9.0.17	Yes
Operating System	paloaltonetworks	pan-os	10.1.11	Yes
Operating System	paloaltonetworks	pan-os	10.1.11	Yes
Operating System	paloaltonetworks	pan-os	10.1.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Application	paloaltonetworks	prisma_access	-	Yes

References

https://security.paloaltonetworks.com/CVE-2024-3388 Vendor Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2024-3388 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)