CVE-2024-0008

Summary

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS9.0 < 9.0.17-h2affected
Palo Alto NetworksPAN-OS9.0 < 9.0.18affected
Palo Alto NetworksPAN-OS9.1 < 9.1.17affected
Palo Alto NetworksPAN-OS10.0 < 10.0.12-h1affected
Palo Alto NetworksPAN-OS10.0 < 10.0.13affected
Palo Alto NetworksPAN-OS10.1 < 10.1.10-h1affected
Palo Alto NetworksPAN-OS10.1 < 10.1.11affected
Palo Alto NetworksPAN-OS10.2 < 10.2.5affected
Palo Alto NetworksPAN-OS11.0 < 11.0.2affected
Palo Alto NetworksPAN-OS11.1 < Allunaffected
Palo Alto NetworksPrisma AccessAllunaffected
Palo Alto NetworksCloud NGFWAllunaffected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

Workarounds

Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References