gsd-2024-2431
Vulnerability from gsd
Modified
2024-04-02 05:02
Details
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-2431"
],
"details": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.",
"id": "GSD-2024-2431",
"modified": "2024-04-02T05:02:53.140950Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2024-2431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"changes": [
{
"at": "6.0.4",
"status": "unaffected"
}
],
"lessThan": "6.0.4",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.12",
"status": "unaffected"
}
],
"lessThan": "5.1.12",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.2.13",
"status": "unaffected"
}
],
"lessThan": "5.2.13",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.1",
"status": "unaffected"
}
],
"lessThan": "6.1.1",
"status": "affected",
"version": "6.1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2"
}
]
}
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network \u003e GlobalProtect \u003e Portals \u003e (portal-config) \u003e Agent \u003e (agent-config) \u003e App) and take the appropriate actions as needed."
}
],
"value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network \u003e GlobalProtect \u003e Portals \u003e (portal-config) \u003e Agent \u003e (agent-config) \u003e App) and take the appropriate actions as needed."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."
}
]
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-269",
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2024-2431",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2024-2431"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n"
}
],
"source": {
"defect": [
"GPC-15349"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\u003cbr\u003e"
}
],
"value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n"
}
]
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."
}
],
"id": "CVE-2024-2431",
"lastModified": "2024-03-13T18:15:58.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-03-13T18:15:08.293",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"url": "https://security.paloaltonetworks.com/CVE-2024-2431"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.