CVE-2024-0008
6.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.17-h2 | affected |
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.18 | affected |
| Palo Alto Networks | PAN-OS | 9.1 < 9.1.17 | affected |
| Palo Alto Networks | PAN-OS | 10.0 < 10.0.12-h1 | affected |
| Palo Alto Networks | PAN-OS | 10.0 < 10.0.13 | affected |
| Palo Alto Networks | PAN-OS | 10.1 < 10.1.10-h1 | affected |
| Palo Alto Networks | PAN-OS | 10.1 < 10.1.11 | affected |
| Palo Alto Networks | PAN-OS | 10.2 < 10.2.5 | affected |
| Palo Alto Networks | PAN-OS | 11.0 < 11.0.2 | affected |
| Palo Alto Networks | PAN-OS | 11.1 < All | unaffected |
| Palo Alto Networks | Prisma Access | All | unaffected |
| Palo Alto Networks | Cloud NGFW | All | unaffected |
Weaknesses
- CWE-613: CWE-613 Insufficient Session Expiration
Workarounds
Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.