VDB
CVE-2024-8687
CVE-2024-8687
PUBLISHED
Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS und PaloAlto Networks GlobalProtect. Dieser Fehler besteht, weil der Portal-Passcode im Klartext gespeichert wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Anmeldeinformationen offenzulegen. Sobald das Passwort oder der Passcode in Erfahrung gebracht wurde, kann der Angreifer GlobalProtect deinstallieren, deaktivieren oder die Verbindung trennen und so die normale Konfiguration und Sicherheitskontrolle der Anwendung umgehen.
EPSS 0.38% · 60.0th percentile
Risk Scores
EPSS Score
0.38%
60.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PaloAlto Networks | PaloAlto Networks PAN-OS <9.1.15 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <11.0.1 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <9.0.17 | |
| PaloAlto Networks | PaloAlto Networks GlobalProtect <5.1.12 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <8.1.25 | |
| PaloAlto Networks | PaloAlto Networks GlobalProtect <6.2.1 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <10.2.4 | |
| PaloAlto Networks | PaloAlto Networks GlobalProtect <6.0.7 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <10.0.12 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <10.0.10 | |
| PaloAlto Networks | PaloAlto Networks GlobalProtect <5.2.13 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <10.1.9 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <9.1.16 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS <10.1.1 | |
| PaloAlto Networks | PaloAlto Networks GlobalProtect <6.1.2 |
Exploit Intelligence
- CIRCL seen: CVE-2024-8687 (circl-sighting)
- https://security.paloaltonetworks.com/CVE-2024-8687 (circl)
Timeline
- Sep 11, 2024 PoC Published
- Sep 11, 2024 CVE Published
- Sep 11, 2024 CVE Updated
- Sep 12, 2024 EPSS Score
- Oct 2, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 10, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 21, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2127.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2127 advisory
- https://security.paloaltonetworks.com/CVE-2024-8686 advisory
- https://security.paloaltonetworks.com/CVE-2024-8687 advisory
- https://security.paloaltonetworks.com/CVE-2024-8688 advisory
- https://security.paloaltonetworks.com/CVE-2024-8691 advisory