PatchSiren cyber security CVE debrief
CVE-2024-3388 Siemens CVE debrief
CVE-2024-3388 is a medium-severity vulnerability affecting the GlobalProtect Gateway in Palo Alto Networks PAN-OS software. The vulnerability enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, the attacker cannot receive response packets from those internal assets, limiting the attack's effectiveness to one-way communication. This vulnerability was published on April 9, 2024, and last modified on May 13, 2025. Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW are affected by this vulnerability. The CVSS 3.1 score is 4.1 (Medium), with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N, indicating network attack vector, low attack complexity, low privileges required, user interaction required, scope change, with low impact on integrity and no impact on confidentiality or availability.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 4.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2025-05-13
- Advisory published
- 2024-04-09
- Advisory updated
- 2025-05-13
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly in industrial control system (ICS) and operational technology (OT) environments. Security teams responsible for GlobalProtect Gateway configurations, network administrators managing remote access VPN infrastructure, and OT security practitioners concerned with authenticated attack vectors in perimeter security appliances should prioritize this vulnerability for remediation.
Technical summary
CVE-2024-3388 exists in the GlobalProtect Gateway component of Palo Alto Networks PAN-OS software. An authenticated attacker can exploit this vulnerability to impersonate another user and transmit network packets to internal assets. The vulnerability is constrained by the fact that the attacker cannot receive response packets, making this a one-way communication channel rather than a full bidirectional tunnel. The attack requires network access, low privileges, and user interaction. The scope changes during exploitation. The vulnerability has low integrity impact with no confidentiality or availability impact. Affected deployments include Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. The remediation is to upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3.
Defensive priority
medium
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 on affected Siemens RUGGEDCOM APE1808 devices
- Contact Palo Alto Networks or Siemens customer support to receive patch and update information
- Review and validate user authentication mechanisms for GlobalProtect Gateway deployments
- Monitor network traffic for anomalous outbound connections from GlobalProtect Gateway that may indicate impersonation attempts
- Implement network segmentation to limit lateral movement in case of successful exploitation
- Apply defense-in-depth strategies for industrial control systems as recommended by CISA
Evidence notes
The vulnerability description and remediation details are sourced from CISA CSAF advisory ICSA-24-102-04. The affected product is Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW. The vendor fix requires upgrading to Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information.
Official resources
-
CVE-2024-3388 CVE record
CVE.org
-
CVE-2024-3388 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09