cbcvebase.
CVE-2024-3388
published 2024-04-10

CVE-2024-3388: A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send…

PriorityP428medium5CVSS 3.1
AVNACLPRLUINSCCNILAN
EPSS
0.35%
26.9th percentile
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.

Affected

19 ranges
VendorProductVersion rangeFixed in
palo_alto_networkspan-os>= 10.1.0 < 10.1.11-h410.1.11-h4
palo_alto_networkspan-os>= 10.2.0 < 10.2.7-h310.2.7-h3
palo_alto_networkspan-os>= 11.0.0 < 11.0.311.0.3
palo_alto_networkspan-os>= 8.1.0 < 8.1.268.1.26
palo_alto_networkspan-os>= 9.0.0 < 9.0.17-h49.0.17-h4
palo_alto_networkspan-os>= 9.1.0 < 9.1.179.1.17
palo_alto_networksprisma_access>= 10.2 < 10.2.410.2.4
paloaltocloud_ngfw
paloaltopan-os
paloaltoprisma_access
paloaltonetworkspan-os
paloaltonetworkspan-os
paloaltonetworkspan-os
paloaltonetworkspan-os>= 10.1.0 < 10.1.1110.1.11
paloaltonetworkspan-os>= 10.2.0 < 10.2.710.2.7
paloaltonetworkspan-os>= 11.0.0 < 11.0.311.0.3
paloaltonetworkspan-os>= 8.1.0 < 8.1.268.1.26
paloaltonetworkspan-os>= 9.0.0 < 9.0.179.0.17
paloaltonetworkspan-os>= 9.1.0 < 9.1.179.1.17
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.