CVE-2024-2433 MEDIUM

CVE-2024-2433: PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-269
Published March 13, 2024
Last update May 13, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

Key dates

02Disclosure timeline

March 13, 2024 CVE published
May 13, 2026 Record updated