Description
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
References (1)
Core 1
Core References
Vendor Advisory
https://security.paloaltonetworks.com/CVE-2024-3386
Scores
CVSS v3
5.3
EPSS
0.0043
EPSS Percentile
34.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-436
Status
published
Products (17)
Palo Alto Networks/Cloud NGFW
All
Palo Alto Networks/PAN-OS
10.0.0 - 10.0.13
Palo Alto Networks/PAN-OS
10.1.0 - 10.1.10
Palo Alto Networks/PAN-OS
10.1.0 - 10.1.9-h3
Palo Alto Networks/PAN-OS
10.2.0 - 10.2.4-h2
Palo Alto Networks/PAN-OS
10.2.0 - 10.2.5
Palo Alto Networks/PAN-OS
11.0.0 - 11.0.1-h2
Palo Alto Networks/PAN-OS
11.0.0 - 11.0.2
Palo Alto Networks/PAN-OS
11.1.0
Palo Alto Networks/PAN-OS
9.0.0 - 9.0.17-h2
... and 7 more
Published
Apr 10, 2024
Tracked Since
Feb 18, 2026