CVE-2024-0008
published 2024-02-14

Priority: P3 48, high, 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.2th percentile)

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0 < 10.0.12-h1 | 10.0.12-h1 |
| palo_alto_networks | pan-os | >= 10.0 < 10.0.13 | 10.0.13 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.10-h1 | 10.1.10-h1 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.11 | 10.1.11 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.2 | 11.0.2 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h2 | 9.0.17-h2 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.18 | 9.0.18 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.10 | 10.1.10 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.2 | 11.0.2 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |

CVSS provenance

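| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| vendor_redhat | | 5.5 | MEDIUM | |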