github - ghsa-r589-95v2-93xr

ghsa-r589-95v2-93xr

Vulnerability from github

Published

2024-09-11 18:31

Modified

2024-10-03 00:30

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

Details

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-11T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.",
  "id": "GHSA-r589-95v2-93xr",
  "modified": "2024-10-03T00:30:40Z",
  "published": "2024-09-11T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8687"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8687

Vulnerability from cvelistv5

Published

2024-09-11 16:40

Modified

2024-09-11 18:25

Severity ?

6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

Summary

PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2024-8687

Impacted products

▼	Vendor	Product
	Palo Alto Networks	PAN-OS
	Palo Alto Networks	GlobalProtect App
	Palo Alto Networks	Cloud NGFW
	Palo Alto Networks	Prisma Access

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8687",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:23:36.439085Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:25:14.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "11.1.0"
            },
            {
              "status": "unaffected",
              "version": "11.2.0"
            },
            {
              "changes": [
                {
                  "at": "11.0.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.9",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.0.12",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.1.16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.1.16",
              "status": "affected",
              "version": "9.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.0.17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.17",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.25",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.25",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.1.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.2.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.2.13",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.2",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.1",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.2.9 on PAN-OS",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.9 on PAN-OS",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Impacted systems are those on which any of the following features are enabled:\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow User to Disable GlobalProtect App \u0026gt; Allow with Passcode\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow user to disconnect GlobalProtect App \u0026gt; Allow with Passcode\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow User to Uninstall GlobalProtect App \u0026gt; Allow with Password"
            }
          ],
          "value": "Impacted systems are those on which any of the following features are enabled:\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow User to Disable GlobalProtect App \u003e Allow with Passcode\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow user to disconnect GlobalProtect App \u003e Allow with Passcode\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow User to Uninstall GlobalProtect App \u003e Allow with Password"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Claudiu Pancotan"
        }
      ],
      "datePublic": "2024-09-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."
            }
          ],
          "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-383",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-383 Harvesting Information via API Event Monitoring"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:40:21.066Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\u003cbr\u003e\u003cbr\u003eTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\u003cbr\u003e\u003cbr\u003eAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\u003cbr\u003e\u003cbr\u003eYou can find additional information for PAN-204689 here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\"\u003ehttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\u003c/a\u003e\n\nPrisma Access customers can open a support case to request an upgrade.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here:  https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues \n\nPrisma Access customers can open a support case to request an upgrade."
        }
      ],
      "source": {
        "defect": [
          "PAN-204689",
          "GPC-16848"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-11T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow User to Disable GlobalProtect App\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow user to disconnect GlobalProtect App\u003cbr\u003e\u003cbr\u003eChange the following setting (if enabled) to \"Disallow\":\u003cbr\u003e* Network \u0026gt; GlobalProtect \u0026gt; Portals \u0026gt;  \u0026gt; Agent \u0026gt;  \u0026gt; App \u0026gt; Allow User to Uninstall GlobalProtect App\u003cbr\u003e"
            }
          ],
          "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow User to Disable GlobalProtect App\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n* Network \u003e GlobalProtect \u003e Portals \u003e  \u003e Agent \u003e  \u003e App \u003e Allow User to Uninstall GlobalProtect App"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-8687",
    "datePublished": "2024-09-11T16:40:21.066Z",
    "dateReserved": "2024-09-11T08:21:12.686Z",
    "dateUpdated": "2024-09-11T18:25:14.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted