CVE-2024-3386
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 9.0.0 < 9.0.17-h2 | affected |
| Palo Alto Networks | PAN-OS | 9.1.0 < 9.1.17 | affected |
| Palo Alto Networks | PAN-OS | 10.0.0 < 10.0.13 | affected |
| Palo Alto Networks | PAN-OS | 10.1.0 < 10.1.9-h3 | affected |
| Palo Alto Networks | PAN-OS | 10.1.0 < 10.1.10 | affected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.4-h2 | affected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.5 | affected |
| Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.1-h2 | affected |
| Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.2 | affected |
| Palo Alto Networks | PAN-OS | 11.1.0 | unaffected |
| Palo Alto Networks | Cloud NGFW | All | unaffected |
| Palo Alto Networks | Prisma Access | All | unaffected |
Weaknesses
- CWE-436: CWE-436 Interpretation Conflict
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.