CVE-2024-3387
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
*Credits:
Palo Alto Networks thanks one of our customers for discovering and reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-05 CVE Reserved
- 2024-04-10 CVE Published
- 2024-04-11 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-326: Inadequate Encryption Strength
CAPEC
- CAPEC-20: Encryption Brute Forcing
References (1)
| URL | Tag | Source |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-3387 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Palo Alto Networks Search vendor "Palo Alto Networks" | PAN-OS Search vendor "Palo Alto Networks" for product "PAN-OS" | >= 10.1.0 < 10.1.12 Search vendor "Palo Alto Networks" for product "PAN-OS" and version " >= 10.1.0 < 10.1.12" | en |
Affected
| ||||||
| Palo Alto Networks Search vendor "Palo Alto Networks" | PAN-OS Search vendor "Palo Alto Networks" for product "PAN-OS" | >= 10.2.0 < 10.2.8 Search vendor "Palo Alto Networks" for product "PAN-OS" and version " >= 10.2.0 < 10.2.8" | en |
Affected
| ||||||
| Palo Alto Networks Search vendor "Palo Alto Networks" | PAN-OS Search vendor "Palo Alto Networks" for product "PAN-OS" | >= 11.0.0 < 11.0.4 Search vendor "Palo Alto Networks" for product "PAN-OS" and version " >= 11.0.0 < 11.0.4" | en |
Affected
| ||||||