CVE-2024-5918
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber
Productos afectados
Palo Alto Networks · Cloud NGFWPalo Alto Networks · PAN-OSPalo Alto Networks · Prisma Access¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →