ghsa-v293-3p6g-j7w7
Vulnerability from github
Published
2024-04-10 18:30
Modified
2024-04-10 18:30
Severity
Details
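An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. Traffic that is excluded from decryption stays encrypted as it passes through the firewall, so any inspection that depends on decryption is not applied to it. Note that the records on this page disagree about PAN-OS 11.1.0: the vendor (CNA) data and its fix list treat 11.1.0 as unaffected, while the CISA ADP container marks it as affected; confirm against the vendor advisory before relying on either.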
{ "affected": [], "aliases": [ "CVE-2024-3386" ], "database_specific": { "cwe_ids": [ "CWE-436" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-04-10T17:15:57Z", "severity": "MODERATE" }, "details": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", "id": "GHSA-v293-3p6g-j7w7", "modified": "2024-04-10T18:30:48Z", "published": "2024-04-10T18:30:48Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3386" }, { "type": "WEB", "url": "https://security.paloaltonetworks.com/CVE-2024-3386" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ] }
cve-2024-3386
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Severity
Summary
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:palo_alto_networks:cloud_ngfw:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cloud_ngfw", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "prisma_access", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "9.0.17-h2", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "lessThan": "10.0.13", "status": "affected", "version": "10.0.00", "versionType": "custom" }, { "lessThan": "10.1.9-h3", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "lessThan": "10.1.10", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "lessThan": "10.2.4-h2", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "10.2.5", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "11.0.1-h2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "lessThan": "11.0.2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "affected", "version": "11.1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3386", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T19:11:36.523628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-07T15:13:59.508Z", 
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3386" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "9.0.17-h2", "status": "unaffected" } ], "lessThan": "9.0.17-h2", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.0.13", "status": "unaffected" } ], "lessThan": "10.0.13", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.9-h3", "status": "unaffected" } ], "lessThan": "10.1.9-h3", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.10", "status": "unaffected" } ], "lessThan": "10.1.10", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.4-h2", "status": "unaffected" } ], "lessThan": "10.2.4-h2", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.1-h2", "status": "unaffected" } ], "lessThan": "11.0.1-h2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.2", "status": "unaffected" } ], "lessThan": "11.0.2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "unaffected", "version": "11.1.0" } ] }, { "defaultStatus": 
"unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device \u003e Certificate Management \u003e SSL Decryption Exclusions)." } ], "value": "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device \u003e Certificate Management \u003e SSL Decryption Exclusions)." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption." } ], "value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption." 
} ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "impacts": [ { "capecId": "CAPEC-148", "descriptions": [ { "lang": "en", "value": "CAPEC-148 Content Spoofing" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:32.694Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3386" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.\u003cbr\u003e" } ], "value": "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.\n" } ], "source": { "defect": [ "PAN-208155" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } 
}, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3386", "datePublished": "2024-04-10T17:06:32.694Z", "dateReserved": "2024-04-05T17:40:19.116Z", "dateUpdated": "2024-08-01T20:12:06.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }