CVE-2024-2431

Improper Privilege Management (CWE-269)

Published: Mar 13, 2024 / Updated: 8mo ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2431

Mar 13, 2024 at 11:15 AM
First Article

Feedly found the first article mentioning CVE-2024-2431. See article

Mar 13, 2024 at 6:27 PM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.04% (Percentile: 7.2%)

Mar 14, 2024 at 2:45 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379514)

Mar 18, 2024 at 12:00 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (192238)

Mar 19, 2024 at 10:15 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 14, 2024 at 11:36 AM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/globalprotect
+null more

Links to Mitre Att&cks

T1548: Abuse Elevation Control Mechanism
+null more

Attack Patterns

CAPEC-122: Privilege Abuse
+null more

News

[no-title]
10 N CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect none none none none All >= 11.1.2-h3 (See additional hotfixes in Solution section) >= 11.0.4-h1 (See additional hotfixes in Solution section) >= 10.2.9-h1 (See additional hotfixes in Solution section) All All all 2024-04-12 2024-04-15 8.3 N CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) none none none none All All >= 11.0.3 >= 10.2.5 >= 10.1.11 All all 2024-04-10 2024-04-10 8.2 N CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access none none none All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All 2024-04-10 2024-04-10 8.2 CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets none none none none All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all 2024-04-10 2024-04-10 8.2 N CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets none none none none All All All >= 10.0.12 >= 9.1.15-h1 >= 9.0.17 >= 8.1.24 all 2024-04-10 2024-04-10 6.9 N CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access none none none All All >= 11.0.1-h2, >= 11.0.2 >= 10.2.4-h2, >= 10.2.5 >= 10.1.9-h3, >= 10.1.10 >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All 2024-04-10 2024-04-10 6 CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure none none none none All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all 2024-04-10 2024-04-10 5.1 CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access none none All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4 2024-04-10 2024-04-10 i PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS Versions prior to those listed above 2024-04-10 i PAN-SA-2024-0003 Informational Bulletin:
Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities
Palo Alto Networks GlobalProtect app is vulnerable to a denial of service, caused by improper privilege management. Palo Alto Networks GlobalProtect app on Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management.
Palo Alto GlobalProtect Agent < 5.1.12 / 5.2.x < 5.2.13 / 6.0.x < 6.0.4 / 6.1.x < 6.1.1 (GPC-15349)
Nessus Plugin ID 192238 with Medium Severity Synopsis The remote host is missing a security update. Description The version of Palo Alto GlobalProtect Agent installed on the remote host is prior to 5.1.12, 5.2.13, 6.0.4, or 6.1.1. It is, therefore, affected by a vulnerability as referenced in the GPC-15349 advisory. - An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. (CVE-2024-2431) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Upgrade to Palo Alto GlobalProtect Agent version 5.1.12 / 5.2.13 / 6.0.4 / 6.1.1 or later. Read more at https://www.tenable.com/plugins/nessus/192238
Palo Alto Networks GlobalProtect app denial of service CVE-2024-2431 - https://www. redpacketsecurity.com/palo-alt o-networks-globalprotect-app-denial-of-service-cve-2024-2431/ # CVE # Vulnerability # OSINT # ThreatIntel # Cyber
Palo Alto Networks GlobalProtect app denial of service | CVE-2024-2431
Palo Alto Networks GlobalProtect app denial of service Palo Alto Networks GlobalProtect app is vulnerable to a denial of service, caused by improper privilege management.
See 7 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI