CVE-2024-3386

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-3386	Vendor Advisory
https://security.paloaltonetworks.com/CVE-2024-3386	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-::::::

History

24 Jan 2025, 15:58

Type	Values Removed	Values Added
CPE		cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1::::::
References	~~() https://security.paloaltonetworks.com/CVE-2024-3386 -~~	() https://security.paloaltonetworks.com/CVE-2024-3386 - Vendor Advisory
First Time		Paloaltonetworks Paloaltonetworks pan-os

Information

Published : 2024-04-10 17:15

Updated : 2025-01-24 15:58

NVD link : CVE-2024-3386

Mitre link : CVE-2024-3386

CVE.ORG link : CVE-2024-3386

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-436

Interpretation Conflict

{"id": "CVE-2024-3386", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-10T17:15:57.593", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-3386", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2024-3386", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-436"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-436"}]}], "descriptions": [{"lang": "en", "value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption."}, {"lang": "es", "value": "Una vulnerabilidad de comparaci\u00f3n de cadenas incorrecta en el software PAN-OS de Palo Alto Networks impide que las exclusiones de descifrado predefinidas funcionen como est\u00e1 previsto. Esto puede provocar que el tr\u00e1fico destinado a dominios que no est\u00e1n especificados en las exclusiones de descifrado predefinidas se excluya involuntariamente del descifrado."}], "lastModified": "2025-01-24T15:58:52.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3757E3-17C0-4D42-A31A-78F40A774F41", "versionEndExcluding": "9.0.16", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB", "versionEndExcluding": "9.1.17", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49DA2985-ADAA-4B26-B015-8B49D783B6D2", "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B759077-C985-4005-8907-32E0C6CDFC10", "versionEndIncluding": "10.1.8", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5", "versionEndExcluding": "10.2.4", "versionStartIncluding": "10.2.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77DF6A1B-2E69-4216-8740-3B1FF95E15A0", "versionEndExcluding": "11.0.1", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDAE9753-EF8D-4B15-A73C-0EF56FE6C78C"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A142EE1-E516-4582-9A7E-6E4C74FB3991"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E22763-558D-4B53-9452-BBD0C07366D9"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5B9B574-5F3D-46B5-B9D8-2015997A63D5"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "135588B5-6771-46A3-98B0-39B4873FD6FD"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10A69DAE-5AD5-4E1C-9DF0-C7B7BB023B66"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}