CVE-2024-0009
Published 2024-02-14
CVE-2024-0009: An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen…
Priority: P3 (35) · medium · 6.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.18% (7.6th percentile)
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oveleon | contao-cookiebar | >= 0 < 1.16.3 | 1.16.3 |
| oveleon | contao-cookiebar | >= 2.0.0 < 2.1.3 | 2.1.3 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.4 | 10.2.4 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.1 | 11.0.1 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| cisa | — | 6.5 | MEDIUM | — |
CISA
VMware vCenter Server Incorrect Default File Permissions Vulnerability
cisa · 2024-07-17 · CVSS 6.5
CVE-2022-22948 [MEDIUM] CWE-276 VMware vCenter Server Incorrect Default File Permissions Vulnerability
Vulnerability: VMware vCenter Server Incorrect Default File Permissions Vulnerability
Affected: VMware vCenter Server
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.vmware.com/security/advisories/VMSA-2022-0009.html; https://nvd.nist.gov/vuln/detail/CVE-2022-22948
Remediation Due Date: 2024-08-07
Palo Alto
PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
vendor_paloalto · 2024-02-14 · CVSS 6.3
CVE-2024-0009 [MEDIUM] CWE-940 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.
GHSA
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
ghsa · 2024-07-26
CVE-2024-47069 [MEDIUM] CWE-79 Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
## usd-2024-0009 | Reflected XSS in Oveleon Cookiebar
### Details
**Advisory ID**: usd-2024-0009
**Product**: Cookiebar
**Affected Version**: 2.X
**Vulnerability Type**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
**Security Risk**: HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
**Vendor URL**: https://www.usd.de/
**Vendor acknowledged vulnerability**: Yes
**Vendor Status**: Fixed
**CVE Number**: Not requested yet
**CVE Link**: Not requested yet
**First Published**: Published
**Last Update**: 2024-07-29
### Affected Component
The `block` function in `CookiebarController.php`.
### Description
Oveleon's Cookiebar is an extension for the popular Contao CMS.
GHSA
GHSA-9ppw-9f8w-5r25: An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen
ghsa_unreviewed · 2024-02-14
CVE-2024-0009 [MEDIUM] CWE-346 GHSA-9ppw-9f8w-5r25: An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2024-02-14