An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if the "Allow Authentication with User Credentials OR Client Certificate" setting is enabled.
2024-11-14T10:15:08.813
2025-10-01T18:41:27.760
Analyzed
CVSSv3.1: 4.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | paloaltonetworks | pan-os | < 10.1.11 | Yes |
| Operating System | paloaltonetworks | pan-os | ≤ 10.2.4 | Yes |
| Operating System | paloaltonetworks | pan-os | < 11.0.3 | Yes |
| Operating System | paloaltonetworks | pan-os | 10.2.4 | Yes |