CVE-2024-5918— Palo Alto Networks PAN-OS 信任管理问题漏洞

PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."

N/A

证书验证不恰当

Palo Alto Networks PAN-OS 信任管理问题漏洞

Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS存在信任管理问题漏洞，该漏洞源于存在不正确的证书验证漏洞，拥有特制客户端证书的授权用户能够以其他合法用户的身份连接到受影响的门户或网关。

N/A

N/A