CVE-2024-0009
published 2024-02-14

Priority: P3 / 35 / medium
CVSS 3.1: 6.3
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.18% (7.6th percentile)

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oveleon | contao-cookiebar | >= 0 < 1.16.3 | 1.16.3 |
| oveleon | contao-cookiebar | >= 2.0.0 < 2.1.3 | 2.1.3 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.4 | 10.2.4 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.1 | 11.0.1 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |

CVSS provenance

nvd: v3.1, 6.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cisa: 6.5 MEDIUM