CVE-2024-2433

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-2433
https://security.paloaltonetworks.com/CVE-2024-2433

Configurations

No configuration.

History

21 Nov 2024, 09:09

Type	Values Removed	Values Added
References	~~() https://security.paloaltonetworks.com/CVE-2024-2433 -~~	() https://security.paloaltonetworks.com/CVE-2024-2433 -
Summary		(es) Una vulnerabilidad de autorización inadecuada en el software Panorama de Palo Alto Networks permite que un administrador autenticado de solo lectura cargue archivos utilizando la interfaz web y llene completamente una de las particiones del disco con esos archivos cargados, lo que impide iniciar sesión en la interfaz web o descargarlos. PAN-OS, WildFire e imágenes de contenido. Este problema afecta únicamente a la interfaz web del plano de gestión; el plano de datos no se ve afectado.

13 Mar 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-13 18:15

Updated : 2024-11-21 09:09

NVD link : CVE-2024-2433

Mitre link : CVE-2024-2433

CVE.ORG link : CVE-2024-2433

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

4.3 /10