CVE-2024-5918
Published: 2024-11-14
Priority: P4 · 24 · medium · CVSS 3.1 base score 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.17% (6.8th percentile)
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.4-h5 | 10.2.4-h5 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| paloaltonetworks | pan-os | 10.2.0 – 10.2.4 | — |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber |
Palo Alto (vendor_paloalto · CVSS 5.3)
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
CVE-2024-5918 [MEDIUM] CWE-295
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.
Workaround: You can mitigate this issue by setting the "Allow Authentication with User Credentials OR Client Certificate" option to "No." Additional i
GHSA (ghsa_unreviewed · 2024-11-14)
GHSA-xvx4-v362-295f · CVE-2024-5918 [MEDIUM] CWE-295
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.