Today > | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-5918

Nov. 15, 2024, 1:58 p.m.

Product(s) Impacted

Palo Alto Networks PAN-OS

Description

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."

Weaknesses

CWE-295
Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE ID: 295

Date

Published: Nov. 14, 2024, 10:15 a.m.

Last Modified: Nov. 15, 2024, 1:58 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@paloaltonetworks.com

References

https://security.paloaltonetworks.com/ psirt@paloaltonetworks.com