CVE-2024-3383 HIGH

CVE-2024-3383: PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)

Vendor: Palo Alto Networks
Product: PAN-OS
Weakness: CWE-282
Published: April 10, 2024
Last update: August 9, 2024

CVSS base score

7.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.

Key dates

02 Disclosure timeline

April 10, 2024: CVE published
August 9, 2024: Record updated