CVE-2024-8687 Vulnerability Details

CVE-2024-8687 Metadata Quick Info

CVE Published: 11/09/2024 | CVE Updated: 11/09/2024 | CVE Year: 2024
Source: palo_alto | Vendor: Palo Alto Networks | Product: PAN-OS
Status: PUBLISHED

CVE-2024-8687 Description

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-497
CWE Name: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Source: Palo Alto Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-383
CAPEC Description: CAPEC-383 Harvesting Information via API Event Monitoring


Source: NVD (National Vulnerability Database).