Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-7xv9-cqv7-wcpr

Опубликовано: 11 сент. 2024
Источник: github
Github: Не прошло ревью
CVSS4: 5.3
CVSS3: 8.1

Описание

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.

Ссылки

EPSS

Процентиль: 49%
0.00257
Низкий

5.3 Medium

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-8691

Дефекты

CWE-863

Связанные уязвимости

nvd логотип

CVE-2024-8691

CVSS3: 7.1
nvd
больше 1 года назад

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.

fstec логотип

BDU:2025-02027

CVSS3: 7.4
fstec
больше 1 года назад

Уязвимость портала GlobalProtect Portal операционной системы PAN-OS, позволяющая нарушителю обойти ограничения безопасности

EPSS

Процентиль: 49%
0.00257
Низкий

5.3 Medium

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-8691

Дефекты

CWE-863