CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
Web sessions in the management interface of Palo Alto Networks PAN-OS software do not expire in certain situations, making the interface susceptible to unauthorized access.
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.1 | None | All |
| PAN-OS 11.0 | < 11.0.2 | >= 11.0.2 |
| PAN-OS 10.2 | < 10.2.5 | >= 10.2.5 |
| PAN-OS 10.1 | < 10.1.10-h4, < 10.1.11 | >= 10.1.10-h4, >= 10.1.11 |
| PAN-OS 10.0 | < 10.0.12-h4, < 10.0.13 | >= 10.0.12-h4, >= 10.0.13 |
| PAN-OS 9.1 | < 9.1.17 | >= 9.1.17 |
| PAN-OS 9.0 | < 9.0.17-h4, < 9.0.18 | >= 9.0.17-h4, >= 9.0.18 |
| Prisma Access | None | All |
CVSSv4.0 Base Score: 5.4 (CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Green)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
CWE-613 Insufficient Session Expiration
This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.0.12-h4, PAN-OS 10.1.10-h4, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.
Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.
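The weakness behind this advisory, CWE-613, is a web session that stays valid after it should have ended. The following is an added, illustrative example and not PAN-OS code or anything from Palo Alto Networks: a minimal server-side session store that enforces both an idle timeout and an absolute lifetime, the two checks whose absence lets a session outlive its user. The 15-minute idle and 8-hour absolute limits, the `FakeClock` used to step time deterministically, and the `demo()` scenario are all assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed limits for the example; real deployments set these by policy.
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity


@dataclass
class Session:
    user: str
    created_at: float   # when the session was issued
    last_seen: float    # last time a request used the session


class SessionStore:
    """Server-side session store that enforces idle and absolute expiration.

    A store that only checks `token in sessions` (no time checks) is the
    CWE-613 pattern: a token issued once stays valid until the process dies.
    """

    def __init__(self, idle_timeout=IDLE_TIMEOUT,
                 absolute_timeout=ABSOLUTE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._clock = clock  # injectable so tests can control time

    def create(self, user):
        now = self._clock()
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self._sessions[token] = Session(user, now, now)
        return token

    def validate(self, token):
        """Return the session's user if it is live, else None.

        Expired sessions are deleted on sight so a stale token cannot be
        revived later by a clock change or a bug elsewhere.
        """
        sess = self._sessions.get(token)
        if sess is None:
            return None
        now = self._clock()
        idle_for = now - sess.last_seen
        age = now - sess.created_at
        if idle_for > self.idle_timeout or age > self.absolute_timeout:
            del self._sessions[token]
            return None
        sess.last_seen = now  # activity extends the idle window, never the absolute cap
        return sess.user

    def logout(self, token):
        """Explicit logout must invalidate server-side state, not just the cookie."""
        self._sessions.pop(token, None)

    def revoke_user(self, user):
        """Invalidate every session for a user (password change, admin lockout)."""
        stale = [t for t, s in self._sessions.items() if s.user == user]
        for t in stale:
            del self._sessions[t]
        return len(stale)


class FakeClock:
    """Constructed clock so the scenario below runs instantly and deterministically."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk a session through the three outcomes a correct store must produce."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    results = {}

    tok = store.create("admin")
    clock.advance(10 * 60)                       # 10 min idle: still inside the window
    results["active_within_idle"] = store.validate(tok) == "admin"
    clock.advance(16 * 60)                       # 16 min idle: past the 15 min limit
    results["expired_after_idle"] = store.validate(tok) is None

    # Constant activity every 5 minutes must not keep a session alive past 8 hours.
    tok2 = store.create("admin")
    alive = True
    for _ in range(9 * 12):                      # 9 hours of 5-minute requests
        clock.advance(5 * 60)
        if store.validate(tok2) is None:
            alive = False
            break
    results["absolute_cap_enforced"] = not alive
    return results


if __name__ == "__main__":
    print(demo())
```

The two timers serve different threats: the idle timeout bounds the window left by an unattended workstation (the situation the endpoint screen-lock guidance above addresses from the client side), while the absolute timeout bounds how long a stolen token is useful even to an attacker who keeps it active.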