CVE-2024-3386 — Interpretation Conflict in Palo Alto Networks Pan-os

CWE-436 — Interpretation Conflict5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedApr 10

Latest updateApr 17

Description

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os9.0.0 — 9.0.16+9

▶CVEListV5palo_alto_networks/pan-os9.0.0 — 9.0.17-h2+8

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

🔴Vulnerability Details

GHSA

GHSA-v293-3p6g-j7w7: An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as inten↗2024-04-10

▶

CVEList

PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended↗2024-04-10

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2024-04-17↗2024-04-17

▶

Palo Alto

PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended↗2024-04-10

▶