CVE-2024-2433
Published: 2024-03-13
Priority: P4 · 10 · low
CVSS 3.1 base score: 2.7
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.56% (42.6th percentile)
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.
This issue affects only the web interface of the management plane; the dataplane is unaffected.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1 < 10.1.12 | 10.1.12 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.8 | 10.2.8 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.3 | 11.0.3 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h4 | 9.0.17-h4 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
Palo Alto Networks advisory (vendor_paloalto) · 2024-03-13 · CVSS 2.7
CVE-2024-2433 [LOW] CWE-269
PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.
This issue affects only the web interface of the management plane; the dataplane is unaffected.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
Workaround: This issue requires the at
GHSA advisory (ghsa_unreviewed) · 2024-03-13
CVE-2024-2433 [MEDIUM] CWE-269
GHSA-93p2-3fjv-r8vv: An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.
This issue affects only the web interface of the management plane; the dataplane is unaffected.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-13