#VU86541 Insufficient Session Expiration in Palo Alto PAN-OS - CVE-2024-0008

Cybersecurity Help s.r.o.

Published: 2024-02-15

Vulnerability identifier: #VU86541

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0008

CWE-ID: CWE-613

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue in the management interface. An attacker with physical access can obtain or guess session token and gain unauthorized access to session that belongs to another user.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 9.0 - 9.0.17, 9.1 - 9.1.16, 10.0 - 10.0.12, 10.1 - 10.1.10, 10.2 - 10.2.4, 11.0.0 - 11.0.1

External links
http://security.paloaltonetworks.com/CVE-2024-0008

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens RUGGEDCOM APE1808

Insufficient Session Expiration in Palo Alto PAN-OS