We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-3383

PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)



Description

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.

Reserved 2024-04-05 | Published 2024-04-10 | Updated 2024-08-09 | Assigner palo_alto


HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-282: Improper Ownership Management

Product status

Default status
unaffected

11.1.0
unaffected

11.0.0 before 11.0.3
affected

10.2.0 before 10.2.5
affected

10.1.0 before 10.1.11
affected

9.1.0
unaffected

9.0.0
unaffected

Default status
unaffected

All
unaffected

Default status
unaffected

All
unaffected

Timeline

2024-04-10:Initial publication

Credits

Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue. finder

References

security.paloaltonetworks.com/CVE-2024-3383

cve.org (CVE-2024-3383)

nvd.nist.gov (CVE-2024-3383)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3383

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.