CVE-2024-3386
published 2024-04-10

Priority: P4 / 26
Severity: medium, 5.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.43% (34.7th percentile)

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins_core | | |
| jenkins | jenkins_lts | | |
| jenkins | jenkins_weekly | | |
| palo_alto_networks | pan-os | >= 10.0.0 < 10.0.13 | 10.0.13 |
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.9-h3 | 10.1.9-h3 |
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.10 | 10.1.10 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.4-h2 | 10.2.4-h2 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.1-h2 | 11.0.1-h2 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.2 | 11.0.2 |
| palo_alto_networks | pan-os | >= 9.0.0 < 9.0.17-h2 | 9.0.17-h2 |
| palo_alto_networks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.13 | 10.0.13 |
| paloaltonetworks | pan-os | 10.1.0 – 10.1.8 | |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.1 | 11.0.1 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.16 | 9.0.16 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |