We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-0012

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)



Assignerpalo_alto
Reserved2023-11-09
Published2024-11-18
Updated2024-11-19

Description

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.



CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
MEDIUM: 5.9CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CISA Known Exploited Vulnerability

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Product status

Default status
unaffected

All
unaffected

Default status
unaffected

11.2.0 before 11.2.4-h1
affected

11.1.0 before 11.1.5-h1
affected

11.0.0 before 11.0.6-h1
affected

10.2.0 before 10.2.12-h2
affected

10.1.0
unaffected

Default status
unaffected

All
unaffected

Timeline

2024-11-18:CVE-2024-0012 assigned to this publication as the vulnerability is identified and fixed
2024-11-15:Answered a FAQ about indicators of compromise
2024-11-14:Raised the severity of PAN-SA-2024-0015 bulletin as we have observed threat activity
2024-11-11:Added instructions to find your devices with an internet-facing management interface discovered in our scans
2024-11-08:Initially published as PAN-SA-2024-0015

Credits

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity. finder

References

https://security.paloaltonetworks.com/CVE-2024-0012 vendor-advisory

cve.org CVE-2024-0012

nvd.nist.gov CVE-2024-0012

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-0012
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.