{ "id": "CVE-2024-2550", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-11-14T10:15:04.137", "lastModified": "2025-01-24T16:02:49.703", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode." }, { "lang": "es", "value": "Una vulnerabilidad de desreferencia de puntero nulo en la puerta de enlace GlobalProtect del software PAN-OS de Palo Alto Networks permite que un atacante no autenticado detenga el servicio GlobalProtect en el firewall mediante el env\u00edo de un paquete especialmente manipulado que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n hacen que el firewall entre en modo de mantenimiento." } ], "metrics": { "cvssMetricV40": [ { "source": "psirt@paloaltonetworks.com", "type": "Secondary", "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER" } } ], "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@paloaltonetworks.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-476" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-476" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.7", "matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0.0", "versionEndExcluding": "11.0.6", "matchCriteriaId": "47CBEECE-EA41-4A58-8AE9-D695C76D4019" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "11.1.4", "matchCriteriaId": "459485B4-47FF-4A5F-9249-AE0445A0096A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*", "matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*", "matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*", "matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "5D64390F-F870-4DBF-B0FE-BCDFE58C8685" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*", "matchCriteriaId": "F70FC9DF-10C9-4AE5-B64B-3153E2E4E9E8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*", "matchCriteriaId": "C3D6D552-6F33-496A-A505-5F59DF3B487B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*", "matchCriteriaId": "D1ECD1DC-5A05-4E4F-97F5-136CE777FAB3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*", "matchCriteriaId": "CBA2B4FA-16C2-41B9-856D-EDC0CAF7A164" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*", "matchCriteriaId": "E5E6A893-2994-40A3-AF35-8AF068B0DE42" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*", "matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*", "matchCriteriaId": "8C7E9211-7041-4720-B4B9-3EA95D425263" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*", "matchCriteriaId": "CEB258EE-2C6E-4A63-B04C-89C5F76B0878" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*", "matchCriteriaId": "0F481B0E-2353-4AB0-8A98-B0EFBC409868" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*", "matchCriteriaId": "3F7FC771-527F-4619-B785-6AE1F4722074" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*", "matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*", "matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*", "matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*", "matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295" }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*", "matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99" } ] } ] } ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-2550", "source": "psirt@paloaltonetworks.com", "tags": [ "Vendor Advisory" ] } ] }