mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
247 lines
9.1 KiB
JSON
247 lines
9.1 KiB
JSON
{
|
|
"id": "CVE-2024-8687",
|
|
"sourceIdentifier": "psirt@paloaltonetworks.com",
|
|
"published": "2024-09-11T17:15:14.157",
|
|
"lastModified": "2024-10-03T00:26:56.110",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el software PAN-OS de Palo Alto Networks que permite que un usuario final de GlobalProtect conozca tanto la contrase\u00f1a de desinstalaci\u00f3n de GlobalProtect configurada como el c\u00f3digo de acceso de deshabilitaci\u00f3n o desconexi\u00f3n configurado. Una vez que se conoce la contrase\u00f1a o el c\u00f3digo de acceso, los usuarios finales pueden desinstalar, deshabilitar o desconectar GlobalProtect incluso si la configuraci\u00f3n de la aplicaci\u00f3n GlobalProtect normalmente no les permitir\u00eda hacerlo."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV40": [
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "4.0",
|
|
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"attackRequirements": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"vulnerableSystemConfidentiality": "HIGH",
|
|
"vulnerableSystemIntegrity": "NONE",
|
|
"vulnerableSystemAvailability": "LOW",
|
|
"subsequentSystemConfidentiality": "NONE",
|
|
"subsequentSystemIntegrity": "NONE",
|
|
"subsequentSystemAvailability": "NONE",
|
|
"exploitMaturity": "NOT_DEFINED",
|
|
"confidentialityRequirements": "NOT_DEFINED",
|
|
"integrityRequirements": "NOT_DEFINED",
|
|
"availabilityRequirements": "NOT_DEFINED",
|
|
"modifiedAttackVector": "NOT_DEFINED",
|
|
"modifiedAttackComplexity": "NOT_DEFINED",
|
|
"modifiedAttackRequirements": "NOT_DEFINED",
|
|
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
|
"modifiedUserInteraction": "NOT_DEFINED",
|
|
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
|
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
|
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
|
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
|
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
|
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
|
"safety": "NOT_DEFINED",
|
|
"automatable": "NO",
|
|
"recovery": "AUTOMATIC",
|
|
"valueDensity": "DIFFUSE",
|
|
"vulnerabilityResponseEffort": "MODERATE",
|
|
"providerUrgency": "AMBER",
|
|
"baseScore": 6.9,
|
|
"baseSeverity": "MEDIUM"
|
|
}
|
|
}
|
|
],
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.1,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 4.2
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-497"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "8.1.0",
|
|
"versionEndExcluding": "8.1.25",
|
|
"matchCriteriaId": "5C73941F-EBEE-4A03-94A4-B4C7C96E4963"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "9.0.0",
|
|
"versionEndExcluding": "9.0.17",
|
|
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "9.1.0",
|
|
"versionEndExcluding": "9.1.16",
|
|
"matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.0.0",
|
|
"versionEndExcluding": "10.0.12",
|
|
"matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.1.0",
|
|
"versionEndExcluding": "10.1.9",
|
|
"matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.2.0",
|
|
"versionEndExcluding": "10.2.4",
|
|
"matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.1.0",
|
|
"versionEndExcluding": "5.1.12",
|
|
"matchCriteriaId": "B67C7EC3-6A0C-4068-A40C-3CA3CE670E02"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.2.0",
|
|
"versionEndExcluding": "5.2.13",
|
|
"matchCriteriaId": "B4E58F8A-5040-432C-9B6B-1890F33A0FB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndExcluding": "6.0.7",
|
|
"matchCriteriaId": "4ACA99D7-01F8-4BEE-9CC9-AF8AA1121DAB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.1.0",
|
|
"versionEndExcluding": "6.1.2",
|
|
"matchCriteriaId": "C4BDBA4C-CEE9-4B47-82EE-3B58A04EB649"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:6.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "780045AA-5D59-4D8C-B742-B48B58DAD8F0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:paloaltonetworks:prisma_access:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FFB6FBC7-DEEB-4571-BCF9-92345A4B614A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "10.2.9",
|
|
"matchCriteriaId": "456CB3CF-DCDA-4A0A-8DC0-72DBD713D3BE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://security.paloaltonetworks.com/CVE-2024-8687",
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |