CVE-2024-8687

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-8687

Configurations

No configuration.

History

12 Sep 2024, 12:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de exposición de información en el software PAN-OS de Palo Alto Networks que permite que un usuario final de GlobalProtect conozca tanto la contraseña de desinstalación de GlobalProtect configurada como el código de acceso de deshabilitación o desconexión configurado. Una vez que se conoce la contraseña o el código de acceso, los usuarios finales pueden desinstalar, deshabilitar o desconectar GlobalProtect incluso si la configuración de la aplicación GlobalProtect normalmente no les permitiría hacerlo.

11 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 17:15

Updated : 2024-09-12 12:35

NVD link : CVE-2024-8687

Mitre link : CVE-2024-8687

CVE.ORG link : CVE-2024-8687

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2024-8687", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 6.9, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-11T17:15:14.157", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-8687", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el software PAN-OS de Palo Alto Networks que permite que un usuario final de GlobalProtect conozca tanto la contrase\u00f1a de desinstalaci\u00f3n de GlobalProtect configurada como el c\u00f3digo de acceso de deshabilitaci\u00f3n o desconexi\u00f3n configurado. Una vez que se conoce la contrase\u00f1a o el c\u00f3digo de acceso, los usuarios finales pueden desinstalar, deshabilitar o desconectar GlobalProtect incluso si la configuraci\u00f3n de la aplicaci\u00f3n GlobalProtect normalmente no les permitir\u00eda hacerlo."}], "lastModified": "2024-09-12T12:35:54.013", "sourceIdentifier": "psirt@paloaltonetworks.com"}