Unrated severityNVD Advisory· Published Sep 11, 2024· Updated Sep 11, 2024

PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes

CVE-2024-8687

Description

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Affected products

Paloaltonetworks/Pan Osv5
Range: 11.0.0
Paloaltonetworks/Cloud NGFWcpe-rescue
Range: All
Paloaltonetworks/Globalprotectcpe-rescue
Range: 5.1.0
Paloaltonetworks/Prisma Access Agentcpe-rescue
Range: 10.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/CVE-2024-8687mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000