CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-0012

CVSS 9.3v4.0pub. 2024-11-18upd. 2025-11-04

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red
  • Palo Alto Networks PAN-OS

    OS
    Paloaltonetworks
    10.2.010.2.110.2.1010.2.1110.2.1210.2.210.2.310.2.410.2.510.2.610.2.710.2.810.2.911.0.011.0.1+ 16 więcej

CISA KEV — detailsi

Vendori
Palo Alto Networks
Producti
PAN-OS
Added to KEVi
November 18, 2024
Remediation deadline (US Federal)i
December 9, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

CISA descriptioni

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 9 grudnia 2024
Tags
Auth BypassLPEFirewall
CWE
References

Related vulnerabilities

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2024-3400CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE jako root w GlobalProtect — command injection w PAN-OS

CVE-2020-2021CRITICAL10.0⚠ KEVten sam produkt

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider C...

CVE-2017-15944CRITICAL9.8⚠ KEVten sam produkt

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allo...

CVE-2021-3064CRITICAL9.8ten sam produkt

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces tha...