CVE-2024-5918
CVSS V2 None
CVSS V3 None
Description
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
Overview
- CVE ID
- CVE-2024-5918
- Assigner
- palo_alto
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T09:38:29.319Z
- Last Modified Date
- 2024-11-14T19:35:53.159Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5918 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5918 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5918 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-15 13:20:21 | Added to TrackCVE |