CVE-2024-5918: 
PAN-OS vulnerability analysis and mitigation

CVE-2024-5918 is an improper certificate validation vulnerability discovered in Palo Alto Networks PAN-OS software, disclosed on November 13, 2024. The vulnerability affects PAN-OS versions 10.1 (< 10.1.11), 10.2 (< 10.2.4-h5), and 11.0 (< 11.0.3). This security flaw enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user (PAN Advisory).

The vulnerability is classified as CWE-295 (Improper Certificate Validation) and CAPEC-151 (Identity Spoofing). It has been assigned a CVSS 4.0 Base Score of 5.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:U/AU:N/R:A/V:C/RE:M/U:Amber. The issue only impacts systems where GlobalProtect portal or gateway is configured to use Client Certificate Authentication with the 'Allow Authentication with User Credentials OR Client Certificate' option set to 'Yes' (PAN Advisory).

When exploited, this vulnerability allows an authorized user to impersonate a different legitimate user on the GlobalProtect portal or gateway. The impact is limited to environments where specific authentication configurations are in place, particularly those using client certificate authentication with the option to allow authentication with user credentials or client certificates (PAN Advisory).

The vulnerability has been fixed in PAN-OS versions 10.1.11, 10.2.4-h5, 10.2.5, 11.0.3, and all later PAN-OS versions. As a workaround, administrators can mitigate this issue by setting the 'Allow Authentication with User Credentials OR Client Certificate' option to 'No' (PAN Advisory).