We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-3383

PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)



Assignerpalo_alto
Reserved2024-04-05
Published2024-04-10
Updated2024-08-09

Description

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.



HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Product status

Default status
unaffected

11.1.0
unaffected

11.0.0 before 11.0.3
affected

10.2.0 before 10.2.5
affected

10.1.0 before 10.1.11
affected

9.1.0
unaffected

9.0.0
unaffected

Default status
unaffected

All
unaffected

Default status
unaffected

All
unaffected

Timeline

2024-04-10:Initial publication

Credits

Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue. finder

References

https://security.paloaltonetworks.com/CVE-2024-3383

cve.org CVE-2024-3383

nvd.nist.gov CVE-2024-3383

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3383
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.