CVE-2024-0008

Published Feb 14, 2024

Last updated 2 months ago

CVSS medium 6.6

Overview

Description: Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@paloaltonetworks.com: CWE-613
nvd@nist.gov: CWE-613

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "831B815F-436B-40D2-AFBA-9BE7275C2BEB",
            "versionEndExcluding": "10.2.5",
            "versionStartIncluding": "10.2.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A69845B-51CA-4612-BCBA-96EF92F01D2F",
            "versionEndExcluding": "11.0.2",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F25D99D-0E7C-469B-977E-FCBD0AB2373E",
            "versionEndExcluding": "10.1.10",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F0DB7CB-C200-48C4-9E28-E378AA9A3FA2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829",
            "versionEndExcluding": "10.0.12",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.0.12:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E280D93F-B51F-4F59-9CCE-829C1F9F1A78"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB",
            "versionEndExcluding": "9.1.17",
            "versionStartIncluding": "9.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE",
            "versionEndExcluding": "9.0.17",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDAE9753-EF8D-4B15-A73C-0EF56FE6C78C"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A142EE1-E516-4582-9A7E-6E4C74FB3991"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References