/

CVE-2024-3388 Report - Details, Severity, & Advisories

CVE-2024-3388 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3388 is a medium-severity vulnerability found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software. It allows an authenticated attacker to impersonate another user and send network packets to internal assets, but not receive response packets from those assets. This vulnerability affects systems running Palo Alto Networks PAN-OS software and using the GlobalProtect Gateway, though specific system types are not detailed.

How do I know if I'm affected?

To determine if you're affected by the CVE-2024-3388 vulnerability, check your PAN-OS firewall configurations. If you have an enabled GlobalProtect gateway and permit the use of SSL VPN either as a fallback or as the only available tunnel mode, you may be at risk. Verify this by looking for entries in your firewall web interface (Network > GlobalProtect > Gateways). The vulnerability affects certain versions of PAN-OS software, but no specific Apple product versions are mentioned in the available sources.

What should I do if I'm affected?

If you're affected by the CVE-2024-3388 vulnerability, update your PAN-OS software to a fixed version, such as PAN-OS 8.1.26, 9.0.17-h4, or 10.1.11-h4. If you can't update immediately, enable "Disable Automatic Restoration of SSL VPN" in your firewall's GlobalProtect Gateway Configuration as a temporary workaround.

Is CVE-2024-3388 in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-3388 is in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, was added on April 10, 2024. However, no due date or required action is provided. In simple terms, this security issue allows a bad actor with access to the system to pretend to be another user and send messages to internal parts of the system, but they won't receive any responses back. The issue has been fixed in later versions of the software.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-269 nvolves improper privilege management and CWE-863 incorrect authorization, allowing an attacker to impersonate users and send network packets to internal assets.

For more details

CVE-2024-3388 is a medium-severity vulnerability in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, allowing authenticated attackers to impersonate users and send network packets to internal assets. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-3388 Report - Details, Severity, & Advisories

CVE-2024-3388 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3388 is a medium-severity vulnerability found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software. It allows an authenticated attacker to impersonate another user and send network packets to internal assets, but not receive response packets from those assets. This vulnerability affects systems running Palo Alto Networks PAN-OS software and using the GlobalProtect Gateway, though specific system types are not detailed.

How do I know if I'm affected?

To determine if you're affected by the CVE-2024-3388 vulnerability, check your PAN-OS firewall configurations. If you have an enabled GlobalProtect gateway and permit the use of SSL VPN either as a fallback or as the only available tunnel mode, you may be at risk. Verify this by looking for entries in your firewall web interface (Network > GlobalProtect > Gateways). The vulnerability affects certain versions of PAN-OS software, but no specific Apple product versions are mentioned in the available sources.

What should I do if I'm affected?

If you're affected by the CVE-2024-3388 vulnerability, update your PAN-OS software to a fixed version, such as PAN-OS 8.1.26, 9.0.17-h4, or 10.1.11-h4. If you can't update immediately, enable "Disable Automatic Restoration of SSL VPN" in your firewall's GlobalProtect Gateway Configuration as a temporary workaround.

Is CVE-2024-3388 in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-3388 is in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, was added on April 10, 2024. However, no due date or required action is provided. In simple terms, this security issue allows a bad actor with access to the system to pretend to be another user and send messages to internal parts of the system, but they won't receive any responses back. The issue has been fixed in later versions of the software.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-269 nvolves improper privilege management and CWE-863 incorrect authorization, allowing an attacker to impersonate users and send network packets to internal assets.

For more details

CVE-2024-3388 is a medium-severity vulnerability in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, allowing authenticated attackers to impersonate users and send network packets to internal assets. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-3388 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3388 is a medium-severity vulnerability found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software. It allows an authenticated attacker to impersonate another user and send network packets to internal assets, but not receive response packets from those assets. This vulnerability affects systems running Palo Alto Networks PAN-OS software and using the GlobalProtect Gateway, though specific system types are not detailed.

How do I know if I'm affected?

To determine if you're affected by the CVE-2024-3388 vulnerability, check your PAN-OS firewall configurations. If you have an enabled GlobalProtect gateway and permit the use of SSL VPN either as a fallback or as the only available tunnel mode, you may be at risk. Verify this by looking for entries in your firewall web interface (Network > GlobalProtect > Gateways). The vulnerability affects certain versions of PAN-OS software, but no specific Apple product versions are mentioned in the available sources.

What should I do if I'm affected?

If you're affected by the CVE-2024-3388 vulnerability, update your PAN-OS software to a fixed version, such as PAN-OS 8.1.26, 9.0.17-h4, or 10.1.11-h4. If you can't update immediately, enable "Disable Automatic Restoration of SSL VPN" in your firewall's GlobalProtect Gateway Configuration as a temporary workaround.

Is CVE-2024-3388 in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-3388 is in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, found in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, was added on April 10, 2024. However, no due date or required action is provided. In simple terms, this security issue allows a bad actor with access to the system to pretend to be another user and send messages to internal parts of the system, but they won't receive any responses back. The issue has been fixed in later versions of the software.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-269 nvolves improper privilege management and CWE-863 incorrect authorization, allowing an attacker to impersonate users and send network packets to internal assets.

For more details

CVE-2024-3388 is a medium-severity vulnerability in the GlobalProtect Gateway of Palo Alto Networks PAN-OS software, allowing authenticated attackers to impersonate users and send network packets to internal assets. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the sources listed below.