{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8687", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-09-11T08:21:12.686Z", "datePublished": "2024-09-11T16:40:21.066Z", "dateUpdated": "2024-09-11T18:25:14.604Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "11.1.0"}, {"status": "unaffected", "version": "11.2.0"}, {"changes": [{"at": "11.0.1", "status": "unaffected"}], "lessThan": "11.0.1", "status": "affected", "version": "11.0.0", "versionType": "custom"}, {"changes": [{"at": "10.2.4", "status": "unaffected"}], "lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "custom"}, {"changes": [{"at": "10.1.9", "status": "unaffected"}], "lessThan": "10.1.9", "status": "affected", "version": "10.1.0", "versionType": "custom"}, {"changes": [{"at": "10.0.12", "status": "unaffected"}], "lessThan": "10.0.12", "status": "affected", "version": "10.0.0", "versionType": "custom"}, {"changes": [{"at": "9.1.16", "status": "unaffected"}], "lessThan": "9.1.16", "status": "affected", "version": "9.1.0", "versionType": "custom"}, {"changes": [{"at": "9.0.17", "status": "unaffected"}], "lessThan": "9.0.17", "status": "affected", "version": "9.0.0", "versionType": "custom"}, {"changes": [{"at": "8.1.25", "status": "unaffected"}], "lessThan": "8.1.25", "status": "affected", "version": "8.1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "5.1.12", "status": "unaffected"}], "lessThan": "5.1.12", "status": "affected", "version": "5.1.0", "versionType": "custom"}, {"changes": [{"at": "5.2.13", "status": "unaffected"}], "lessThan": "5.2.13", "status": "affected", "version": "5.2.0", "versionType": "custom"}, {"changes": [{"at": "6.0.7", "status": "unaffected"}], "lessThan": "6.0.7", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"changes": [{"at": "6.1.2", "status": "unaffected"}], "lessThan": "6.1.2", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"changes": [{"at": "6.2.1", "status": "unaffected"}], "lessThan": "6.2.1", "status": "affected", "version": "6.2.0", "versionType": "custom"}, {"status": "unaffected", "version": "6.3.0"}]}, {"defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "All"}]}, {"defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "10.2.9 on PAN-OS", "status": "unaffected"}], "lessThan": "10.2.9 on PAN-OS", "status": "affected", "version": "10.2.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Impacted systems are those on which any of the following features are enabled:<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Disable GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow user to disconnect GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Uninstall GlobalProtect App &gt; Allow with Password"}], "value": "Impacted systems are those on which any of the following features are enabled:\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Disable GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow user to disconnect GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Uninstall GlobalProtect App > Allow with Password"}], "credits": [{"lang": "en", "type": "finder", "value": "Claudiu Pancotan"}], "datePublic": "2024-09-11T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."}], "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-383", "descriptions": [{"lang": "en", "value": "CAPEC-383 Harvesting Information via API Event Monitoring"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-09-11T16:40:21.066Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-8687"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.<br><br>To maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.<br><br>All fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.<br><br>You can find additional information for PAN-204689 here: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues</a>\n\nPrisma Access customers can open a support case to request an upgrade.<br>"}], "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here:  https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues \n\nPrisma Access customers can open a support case to request an upgrade."}], "source": {"defect": ["PAN-204689", "GPC-16848"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-09-11T16:00:00.000Z", "value": "Initial publication"}], "title": "PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Disable GlobalProtect App<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow user to disconnect GlobalProtect App<br><br>Change the following setting (if enabled) to \"Disallow\":<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Uninstall GlobalProtect App<br>"}], "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Disable GlobalProtect App\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Uninstall GlobalProtect App"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T18:23:36.439085Z", "id": "CVE-2024-8687", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:25:14.604Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T18:23:36.439085Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:25:09.280Z"}}], "cna": {"title": "PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes", "source": {"defect": ["PAN-204689", "GPC-16848"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Claudiu Pancotan"}], "impacts": [{"capecId": "CAPEC-383", "descriptions": [{"lang": "en", "value": "CAPEC-383 Harvesting Information via API Event Monitoring"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.9, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "unaffected", "version": "11.1.0"}, {"status": "unaffected", "version": "11.2.0"}, {"status": "affected", "changes": [{"at": "11.0.1", "status": "unaffected"}], "version": "11.0.0", "lessThan": "11.0.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.4", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.4", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.1.9", "status": "unaffected"}], "version": "10.1.0", "lessThan": "10.1.9", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.0.12", "status": "unaffected"}], "version": "10.0.0", "lessThan": "10.0.12", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "9.1.16", "status": "unaffected"}], "version": "9.1.0", "lessThan": "9.1.16", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "9.0.17", "status": "unaffected"}], "version": "9.0.0", "lessThan": "9.0.17", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.1.25", "status": "unaffected"}], "version": "8.1.0", "lessThan": "8.1.25", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "GlobalProtect App", "versions": [{"status": "affected", "changes": [{"at": "5.1.12", "status": "unaffected"}], "version": "5.1.0", "lessThan": "5.1.12", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "5.2.13", "status": "unaffected"}], "version": "5.2.0", "lessThan": "5.2.13", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "6.0.7", "status": "unaffected"}], "version": "6.0.0", "lessThan": "6.0.7", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "6.1.2", "status": "unaffected"}], "version": "6.1.0", "lessThan": "6.1.2", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "6.2.1", "status": "unaffected"}], "version": "6.2.0", "lessThan": "6.2.1", "versionType": "custom"}, {"status": "unaffected", "version": "6.3.0"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "affected", "changes": [{"at": "10.2.9 on PAN-OS", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.9 on PAN-OS", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-09-11T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here:  https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues \n\nPrisma Access customers can open a support case to request an upgrade.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.<br><br>To maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.<br><br>All fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.<br><br>You can find additional information for PAN-204689 here: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues</a>\n\nPrisma Access customers can open a support case to request an upgrade.<br>", "base64": false}]}], "datePublic": "2024-09-11T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-8687"}], "workarounds": [{"lang": "en", "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Disable GlobalProtect App\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Uninstall GlobalProtect App", "supportingMedia": [{"type": "text/html", "value": "Change the following two settings (if enabled) to \"Allow with Ticket\":<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Disable GlobalProtect App<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow user to disconnect GlobalProtect App<br><br>Change the following setting (if enabled) to \"Disallow\":<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Uninstall GlobalProtect App<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.", "supportingMedia": [{"type": "text/html", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "configurations": [{"lang": "en", "value": "Impacted systems are those on which any of the following features are enabled:\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Disable GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow user to disconnect GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals >  > Agent >  > App > Allow User to Uninstall GlobalProtect App > Allow with Password", "supportingMedia": [{"type": "text/html", "value": "Impacted systems are those on which any of the following features are enabled:<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Disable GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow user to disconnect GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt;  &gt; Agent &gt;  &gt; App &gt; Allow User to Uninstall GlobalProtect App &gt; Allow with Password", "base64": false}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-09-11T16:40:21.066Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8687", "state": "PUBLISHED", "dateUpdated": "2024-09-11T18:25:14.604Z", "dateReserved": "2024-09-11T08:21:12.686Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-09-11T16:40:21.066Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C73941F-EBEE-4A03-94A4-B4C7C96E4963", "versionEndExcluding": "8.1.25", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE", "versionEndExcluding": "9.0.17", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC", "versionEndExcluding": "9.1.16", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF", "versionEndExcluding": "10.1.9", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5", "versionEndExcluding": "10.2.4", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "B67C7EC3-6A0C-4068-A40C-3CA3CE670E02", "versionEndExcluding": "5.1.12", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E58F8A-5040-432C-9B6B-1890F33A0FB3", "versionEndExcluding": "5.2.13", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACA99D7-01F8-4BEE-9CC9-AF8AA1121DAB", "versionEndExcluding": "6.0.7", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BDBA4C-CEE9-4B47-82EE-3B58A04EB649", "versionEndExcluding": "6.1.2", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "780045AA-5D59-4D8C-B742-B48B58DAD8F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:prisma_access:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFB6FBC7-DEEB-4571-BCF9-92345A4B614A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "456CB3CF-DCDA-4A0A-8DC0-72DBD713D3BE", "versionEndExcluding": "10.2.9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el software PAN-OS de Palo Alto Networks que permite que un usuario final de GlobalProtect conozca tanto la contrase\u00f1a de desinstalaci\u00f3n de GlobalProtect configurada como el c\u00f3digo de acceso de deshabilitaci\u00f3n o desconexi\u00f3n configurado. Una vez que se conoce la contrase\u00f1a o el c\u00f3digo de acceso, los usuarios finales pueden desinstalar, deshabilitar o desconectar GlobalProtect incluso si la configuraci\u00f3n de la aplicaci\u00f3n GlobalProtect normalmente no les permitir\u00eda hacerlo."}], "id": "CVE-2024-8687", "lastModified": "2024-10-03T00:26:56.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "AUTOMATIC", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-09-11T17:15:14.157", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-8687"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}