CVE-2024-2431 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-2431 is a medium-severity vulnerability affecting the Palo Alto Networks GlobalProtect app, which allows a non-privileged user to disable the app without needing a passcode in certain configurations. This issue impacts systems running vulnerable versions of the GlobalProtect app, but specific system types are not detailed.

How do I know if I'm affected?

To determine if you're affected by the CVE-2024-2431 vulnerability, check if your GlobalProtect app is configured to allow users to disable it with a passcode. If a non-privileged user can disable the app without needing the passcode, you might be affected. Unfortunately, specific affected versions of the GlobalProtect app or Apple products are not provided in the available sources. Keep in mind that this vulnerability has a medium severity rating, so it's essential to stay informed and take necessary precautions.

What should I do if I'm affected?

If you're affected by the CVE-2024-2431 vulnerability, update your GlobalProtect app to versions 5.1.12, 5.2.13, 6.0.4, 6.1.1, or later. Additionally, change the "Allow User to Disable GlobalProtect App" setting in your firewall web interface to "Disallow" or "Allow with Ticket."
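The remediation above can be turned into a fleet check. The following is an added example, not code from Twingate or Palo Alto Networks: it triages an endpoint inventory against the fixed versions listed above. The record fields, the hostnames, and the exact setting label "Allow with Passcode" are assumptions.

```python
import re

# Fixed release per branch, taken from the versions listed above.
FIXED = {(5, 1): 12, (5, 2): 13, (6, 0): 4, (6, 1): 1}
# Assumed label for the passcode option; the page only describes it.
AFFECTED_SETTING = "allow with passcode"

def parse_version(text):
    """Return (major, minor, patch) from '6.0.3' or '5.2.12-26'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_fixed(version):
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Branches newer than 6.1 count as "or later"; older or unlisted
    # branches have no fixed release on the page, so flag them.
    return branch > max(FIXED)

def triage(record):
    """Return 'ok', 'needs-update' or 'exposed' for one endpoint."""
    if is_fixed(record["version"]):
        return "ok"
    if record["disable_setting"].strip().lower() == AFFECTED_SETTING:
        return "exposed"       # unfixed app and passcode-gated disable
    return "needs-update"      # unfixed app, setting not the affected one

def report(inventory):
    return {r["host"]: triage(r) for r in inventory}

# Constructed sample inventory; hosts and values are made up.
INVENTORY = [
    {"host": "lt-001", "version": "6.0.3", "disable_setting": "Allow with Passcode"},
    {"host": "lt-002", "version": "6.0.4", "disable_setting": "Allow with Passcode"},
    {"host": "lt-003", "version": "5.2.12-26", "disable_setting": "Disallow"},
    {"host": "lt-004", "version": "5.0.9", "disable_setting": "Allow with Ticket"},
    {"host": "lt-005", "version": "6.2.0", "disable_setting": "Allow with Passcode"},
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Endpoints reported as "exposed" are the ones to update first or to move to "Disallow" or "Allow with Ticket" until the update lands.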

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-2431 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue in the GlobalProtect app allows a user without special permissions to turn off the app without needing a passcode, if the app's settings allow it to be turned off with a passcode. The issue has been fixed in later versions of the app.

Weakness enumeration

This vulnerability is categorized as CWE-269 (Improper Privilege Management): non-privileged users can disable the GlobalProtect app in certain configurations.

For more details

CVE-2024-2431 is a medium-severity vulnerability affecting the Palo Alto Networks GlobalProtect app, allowing non-privileged users to disable the app in certain configurations. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the links below.
