CVE-2024-3387

MEDIUM

Palo Alto Networks Panorama - Info Disclosure

Title source: llm

Description

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.

Scores

CVSS v3: 5.3
EPSS: 0.0013
EPSS Percentile: 31.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-326
Status: published
Products (2)
paloaltonetworks/pan-os 10.2.7 h1 (6 CPE variants)
paloaltonetworks/pan-os 10.1.0 - 10.1.12
Published: Apr 10, 2024
Tracked Since: Feb 18, 2026