Palo Alto PAN-OS User-ID Group Mod via CIE Agent Data
CVE-2024-3383 Published on April 10, 2024
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
Vulnerability Analysis
CVE-2024-3383 can be exploited with network access and requires neither authorization privileges nor user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.
Timeline
Initial publication
Weakness Type
Improper Ownership Management
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Products Associated with CVE-2024-3383
Affected Versions
Palo Alto Networks PAN-OS:
- Version 11.1.0 is unaffected.
- Versions from 11.0.0 up to, but not including, 11.0.3 are affected.
- Versions from 10.2.0 up to, but not including, 10.2.5 are affected.
- Versions from 10.1.0 up to, but not including, 10.1.11 are affected.
- Version 9.1.0 is unaffected.
- Version 9.0.0 is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.