CVE-2024-0009: 
PAN-OS vulnerability analysis and mitigation

An improper verification vulnerability (CVE-2024-0009) was discovered in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software. The vulnerability was disclosed on February 14, 2024, and affects PAN-OS versions 10.2.0 through 10.2.4 and version 11.0.0. This security flaw enables malicious users with stolen credentials to establish VPN connections from unauthorized IP addresses (Palo Alto Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. It is classified under CWE-940 (Improper Verification of Source of a Communication Channel) and CWE-346 (Origin Validation Error). The issue specifically affects PAN-OS firewall configurations with GlobalProtect gateway enabled, which can be verified through the firewall web interface under Network > GlobalProtect > Gateways (NVD, Palo Alto Advisory).

The vulnerability allows attackers with compromised credentials to bypass IP-based access controls and establish unauthorized VPN connections to the affected systems. This could potentially lead to unauthorized access to network resources and compromise of security controls (Palo Alto Advisory).

The vulnerability has been fixed in PAN-OS versions 10.2.4, 11.0.1, and all later PAN-OS releases. Organizations running affected versions should upgrade to the patched versions. The issue only affects systems with GlobalProtect gateway enabled (Palo Alto Advisory).