CVE-2024-8687
published 2024-09-11

Priority: P3 · 37 · high · 7.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:H
EPSS: 0.40% (32.3th percentile)
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Affected

29 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| palo_alto_networks | globalprotect_app | >= 5.1.0 < 5.1.12 | 5.1.12 |
| palo_alto_networks | globalprotect_app | >= 5.2.0 < 5.2.13 | 5.2.13 |
| palo_alto_networks | globalprotect_app | >= 6.0.0 < 6.0.7 | 6.0.7 |
| palo_alto_networks | globalprotect_app | >= 6.1.0 < 6.1.2 | 6.1.2 |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.1 | 6.2.1 |
| palo_alto_networks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.9 | 10.1.9 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.1 | 11.0.1 |
| palo_alto_networks | pan-os | >= 8.1.0 < 8.1.25 | 8.1.25 |
| palo_alto_networks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| palo_alto_networks | pan-os | >= 9.1.0 < 9.1.16 | 9.1.16 |
| palo_alto_networks | prisma_access | >= 10.2.0 < 10.2.9 on PAN-OS | 10.2.9 on PAN-OS |
| paloalto | cloud_ngfw | | |
| paloalto | globalprotect_app | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | globalprotect | | |
| paloaltonetworks | globalprotect | >= 5.1.0 < 5.1.12 | 5.1.12 |
| paloaltonetworks | globalprotect | >= 5.2.0 < 5.2.13 | 5.2.13 |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.0.7 | 6.0.7 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.1.2 | 6.1.2 |
| paloaltonetworks | pan-os | | |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.9 | 10.1.9 |

CVSS provenance

nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
nvd · v4.0 · 6.9 · MEDIUM · CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber