A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2024-8691 |
Configurations
No configuration.
History
12 Sep 2024, 12:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-11 17:15
Updated : 2024-09-12 12:35
NVD link : CVE-2024-8691
Mitre link : CVE-2024-8691
CVE.ORG link : CVE-2024-8691
JSON object : View
Products Affected
No product.
CWE
CWE-863
Incorrect Authorization