CVE-2024-8688

Summary

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS9.1.0 < 9.1.15affected
Palo Alto NetworksPAN-OS10.0.0 < 10.0.10affected
Palo Alto NetworksPAN-OS10.1.0 < 10.1.1affected
Palo Alto NetworksPAN-OS10.2.0unaffected
Palo Alto NetworksPAN-OS11.0.0unaffected
Palo Alto NetworksPAN-OS11.1.0unaffected
Palo Alto NetworksPAN-OS11.2.0unaffected
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-155: CWE-155 Improper Neutralization of Wildcards or Matching Symbols

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References