CVE-2024-3387
published 2024-04-10CVE-2024-3387: A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to…
PriorityP432medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
0.17%
6.7th percentile
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.7-h3 | 10.2.7-h3 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.4 | 11.0.4 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.7 | 10.2.7 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.4 | 11.0.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
vendor_paloalto·2024-04-10·CVSS 5.9
CVE-2024-3387 [MEDIUM] CWE-326 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed on Panorama in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.
GHSA
GHSA-hcgv-gpgg-9mmm: A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) att
ghsa_unreviewed·2024-04-10
CVE-2024-3387 [MEDIUM] CWE-326 GHSA-hcgv-gpgg-9mmm: A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) att
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-10
Published