CVE-2024-3383

Summary

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS11.1.0unaffected
Palo Alto NetworksPAN-OS11.0.0 < 11.0.3affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.5affected
Palo Alto NetworksPAN-OS10.1.0 < 10.1.11affected
Palo Alto NetworksPAN-OS9.1.0unaffected
Palo Alto NetworksPAN-OS9.0.0unaffected
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-282: CWE-282: Improper Ownership Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References