vulnerability

Palo Alto Networks PAN-OS: CVE-2024-2433: PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Mar 13, 2024	Jan 7, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Mar 13, 2024

Added

Jan 7, 2025

Modified

Jul 2, 2025

Description

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.

This issue affects only the web interface of the management plane; the dataplane is unaffected.

Solution

palo-alto-networks-pan-os-upgrade-latest

References

CWE-269
CVE-2024-2433
https://attackerkb.com/topics/CVE-2024-2433
URL-https://security.paloaltonetworks.com/CVE-2024-2433

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today