CVE-2024-3387

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-3387
https://security.paloaltonetworks.com/CVE-2024-3387

Configurations

No configuration.

History

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://security.paloaltonetworks.com/CVE-2024-3387 -~~	() https://security.paloaltonetworks.com/CVE-2024-3387 -
Summary		(es) Un certificado de dispositivo débil (baja potencia de bits) en el software Panorama de Palo Alto Networks permite a un atacante realizar un ataque de intermediario (MitM) para capturar el tráfico cifrado entre el servidor de administración de Panorama y los firewalls que administra. Con suficientes recursos informáticos, el atacante podría interrumpir la comunicación cifrada y exponer información confidencial que se comparte entre el servidor de administración y los firewalls.

10 Apr 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-10 17:15

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3387

Mitre link : CVE-2024-3387

CVE.ORG link : CVE-2024-3387

JSON object : View

Products Affected

No product.

CWE

CWE-326

Inadequate Encryption Strength

5.3 /10