
CVE-2024-3387 – PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3387
10 Apr 2024 — A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. • https://security.paloaltonetworks.com/CVE-2024-3387 • CWE-326: Inadequate Encryption Strength

CVE-2024-3382 – PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
https://notcve.org/view.php?id=CVE-2024-3382
10 Apr 2024 — A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. • https://security.paloaltonetworks.com/CVE-2024-3382 • CWE-770: Allocation of Resources Without Limits or Throttling