Palo Alto Networks Security Advisories /CVE-2024-8691CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect PortalUrgencyMODERATEResponse EffortMODERATERecoveryAUTOMATICValue DensityDIFFUSEAttack VectorNETWORKAttack ComplexityLOWAttack RequirementsNONEAutomatableYESUser InteractionNONEProduct ConfidentialityLOWProduct IntegrityLOWProduct AvailabilityLOWPrivileges RequiredLOWSubsequent ConfidentialityLOWSubsequent IntegrityLOWSubsequent AvailabilityLOWNVDJSON Published2024-09-11 Updated2024-09-11ReferencePAN-219031 andPAN-192893DiscoveredexternallyDescriptionA vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.Product StatusVersionsAffectedUnaffectedCloud NGFW NoneAllPAN-OS 11.2NoneAllPAN-OS 11.1NoneAllPAN-OS 11.0NoneAllPAN-OS 10.2NoneAllPAN-OS 10.1< 10.1.11>= 10.1.11PAN-OS 9.1< 9.1.17>= 9.1.17Prisma Access NoneAllSeverity:MEDIUMCVSSv4.0Base Score:5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/V:D/RE:M/U:Amber)Exploitation StatusPalo Alto Networks is not aware of any malicious exploitation of this issue.Weakness TypeCWE-863 Incorrect AuthorizationSolutionThis issue is fixed in PAN-OS 9.1.17, PAN-OS 10.1.11, and all later PAN-OS versions.AcknowledgmentsPalo Alto Networks thanks Claudiu Pancotan for discovering and reporting this issue.Timeline2024-09-11Initial publication
