CVE-2024-3388

{"id": "CVE-2024-3388", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.3}]}, "published": "2024-04-10T17:15:57.970", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-3388", "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2024-3388", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets."}, {"lang": "es", "value": "Una vulnerabilidad en GlobalProtect Gateway del software PAN-OS de Palo Alto Networks permite que un atacante autenticado se haga pasar por otro usuario y env\u00ede paquetes de red a recursos internos. Sin embargo, esta vulnerabilidad no permite que el atacante reciba paquetes de respuesta de esos recursos internos."}], "lastModified": "2024-11-21T09:29:31.047", "sourceIdentifier": "psirt@paloaltonetworks.com"}