CVE-2024-3383
published 2024-04-10CVE-2024-3383: A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID…
PriorityP350critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
0.58%
43.1th percentile
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
vendor_paloalto·2024-04-10·CVSS 9.1
CVE-2024-3383 [CRITICAL] CWE-282 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.
GHSA
GHSA-wvjp-4x3w-pvqx: A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User
ghsa_unreviewed·2024-04-10
CVE-2024-3383 [HIGH] CWE-282 GHSA-wvjp-4x3w-pvqx: A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-10
Published