CVE-2024-2433
published 2024-03-13

Priority: P4, 10
Severity: low, 2.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.56% (42.6th percentile)

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1 < 10.1.12 | 10.1.12 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.8 | 10.2.8 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.3 | 11.0.3 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h4 | 9.0.17-h4 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |