CVE-2024-3386 | THREATINT

Description

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.

PUBLISHED Reserved 2024-04-05 | Published 2024-04-10 | Updated 2024-08-01 | Assigner palo_alto

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-436 Interpretation Conflict

Product status

Default status

unaffected

9.0.0 before 9.0.17-h2

affected

9.1.0 before 9.1.17

affected

10.0.0 before 10.0.13

affected

10.1.0 before 10.1.9-h3

affected

10.1.0 before 10.1.10

affected

10.2.0 before 10.2.4-h2

affected

10.2.0 before 10.2.5

affected

11.0.0 before 11.0.1-h2

affected

11.0.0 before 11.0.2

affected

11.1.0

unaffected

Default status

unaffected

All

unaffected

Default status

unaffected

All

unaffected

Timeline

2024-04-10:

Initial publication

Credits

Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue. finder

References

security.paloaltonetworks.com/CVE-2024-3386

cve.org (CVE-2024-3386)

nvd.nist.gov (CVE-2024-3386)

Download JSON