Skip to main content

Pan Os CVE-2024-8687

MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2024-09-11 psirt@paloaltonetworks.com
6.9
CVSS 4.0 · Vendor: paloaltonetworks
Share

Severity by source

Vendor (paloaltonetworks) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber

Primary rating from Vendor (paloaltonetworks) · only source for this CVE.

CVSS VectorVendor: paloaltonetworks

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Sep 11, 2024 - 17:15 cve.org
MEDIUM 6.9

DescriptionCVE.org

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

AnalysisAI

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-497. An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so. Affected products include: Paloaltonetworks Pan-Os, Paloaltonetworks Globalprotect, Paloaltonetworks Prisma Access.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Pan Os

View all
CVE-2025-0108 HIGH POC
8.8 Feb 12

Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers

CVE-2016-4971 HIGH POC
8.8 Jun 30

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F

CVE-2016-9150 CRITICAL POC
9.8 Nov 19

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2025-0111 HIGH
7.1 Feb 12

Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of fil

CVE-2024-0012 CRITICAL POC
9.3 Nov 18

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access t

CVE-2020-2038 HIGH POC
7.2 Sep 09

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to exe

CVE-2024-9474 MEDIUM POC
6.9 Nov 18

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to

CVE-2020-2036 HIGH POC
8.8 Sep 09

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity

CVE-2012-6601 CRITICAL
10.0 Aug 31

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x

CVE-2019-1579 HIGH POC
8.1 Jul 19

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with Glob

CVE-2017-8390 CRITICAL
9.8 Aug 02

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 a

Share

CVE-2024-8687 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy