CVE-2024-0008: 
PAN-OS vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-0008 affects the web session management in Palo Alto Networks PAN-OS software. The issue was discovered and reported by Brian Yaklin, and was publicly disclosed on February 14, 2024. The vulnerability affects multiple versions of PAN-OS, including versions 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0, while Cloud NGFW and Prisma Access are not affected (Palo Advisory).

The vulnerability is classified as CWE-613 (Insufficient Session Expiration) where web sessions in the management interface fail to expire under certain conditions. The severity is rated as MEDIUM with a CVSS v3.1 base score of 6.6 according to Palo Alto Networks, while the NVD rates it as HIGH with a base score of 8.8. The vulnerability requires physical access to exploit and has low attack complexity (Palo Advisory, NVD).

If exploited, this vulnerability could lead to unauthorized access to the management interface. The vulnerability affects product confidentiality, integrity, and availability at high levels, though subsequent impacts are rated as none. The attack requires physical access and passive user interaction (Palo Advisory).

The vulnerability has been fixed in PAN-OS versions 9.0.17-h2, 9.1.17, 10.0.12-h1, 10.1.10-h1, 10.2.5, 11.0.2, and all later PAN-OS versions. As a workaround, organizations should ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface (Palo Advisory).