MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Default status: unaffected

| Version | Status |
| --- | --- |
| 9.0.0 (custom) before 9.0.17-h2 | affected |
| 9.1.0 (custom) before 9.1.17 | affected |
| 10.0.0 (custom) before 10.0.13 | affected |
| 10.1.0 (custom) before 10.1.9-h3 | affected |
| 10.1.0 (custom) before 10.1.10 | affected |
| 10.2.0 (custom) before 10.2.4-h2 | affected |
| 10.2.0 (custom) before 10.2.5 | affected |
| 11.0.0 (custom) before 11.0.1-h2 | affected |
| 11.0.0 (custom) before 11.0.2 | affected |
| 11.1.0 | unaffected |

Default status: unaffected

| Version | Status |
| --- | --- |
| All | unaffected |

Default status: unaffected

| Version | Status |
| --- | --- |
| All | unaffected |
Description
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Problem types
CWE-436 Interpretation Conflict
Product status
9.0.0 (custom) before 9.0.17-h2
9.1.0 (custom) before 9.1.17
10.0.0 (custom) before 10.0.13
10.1.0 (custom) before 10.1.9-h3
10.1.0 (custom) before 10.1.10
10.2.0 (custom) before 10.2.4-h2
10.2.0 (custom) before 10.2.5
11.0.0 (custom) before 11.0.1-h2
11.0.0 (custom) before 11.0.2
11.1.0
All
All
Timeline
| 2024-04-10: | Initial publication |
Credits
Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue.
References
security.paloaltonetworks.com/CVE-2024-3386