{"cve":{"cve_id":"CVE-2024-3387","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0017,"epss_percentile":0.06621,"epss_as_of":"2026-06-23","description":"A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.","published_at":"2024-04-10T17:06:36.676000Z","last_modified_at":null,"cvss_v3_score":5.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-326"],"nvd_references":["https://security.paloaltonetworks.com/CVE-2024-3387"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:03:22.129226Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cloud-ngfw","product_name":"Cloud NGFW","version_start":"All","version_start_inclusive":true,"version_end":"All","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cloud-ngfw:All:All"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"9.1.0","version_start_inclusive":true,"version_end":"9.1.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:pan-os:9.1.0:9.1.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"10.1.0","version_start_inclusive":true,"version_end":"10.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:pan-os:10.1.0:10.1.12"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"10.2.0","version_start_inclusive":true,"version_end":"10.2.7-h3","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:pan-os:10.2.0:10.2.7-h3"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"10.2.0","version_start_inclusive":true,"version_end":"10.2.8","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:pan-os:10.2.0:10.2.8"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"11.0.0","version_start_inclusive":true,"version_end":"11.0.4","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:pan-os:11.0.0:11.0.4"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"11.1.0","version_start_inclusive":true,"version_end":"11.1.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:pan-os:11.1.0:11.1.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"pan-os","product_name":"pan-os","version_start":"9.0.0","version_start_inclusive":true,"version_end":"9.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:pan-os:9.0.0:9.0.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"prisma-access","product_name":"Prisma Access","version_start":"All","version_start_inclusive":true,"version_end":"All","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:prisma-access:All:All"}],"exploit_refs":[],"news":[],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-3387","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-04-10T17:06:36.676000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:36:50.884600Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:36:50.884600Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:36:50.884600Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:03:22.129226Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:03:22.129226Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:03:22.129226Z","label":"SSVC decision revised","source":"vulnrichment"}]}