CVE-2024-9474 | THREATINT

Assigner	palo_alto
Reserved	2024-10-03
Published	2024-11-18
Updated	2024-11-19

Description

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

MEDIUM: 6.9	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
MEDIUM: 5.9	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CISA Known Exploited Vulnerability

Date added: 2024-11-18
Due date: 2024-12-09

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Product status

Default status

unaffected

All

unaffected

Default status

unaffected

11.2.0 before 11.2.4-h1

affected

11.1.0 before 11.1.5-h1

affected

11.0.0 before 11.0.6-h1

affected

10.2.0 before 10.2.12-h2

affected

10.1.0 before 10.1.14-h6

affected

Default status

unaffected

All

unaffected

Timeline

2024-11-18:

Initial publication

Credits

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity. finder

References

https://security.paloaltonetworks.com/CVE-2024-9474 vendor-advisory

cve.org CVE-2024-9474

nvd.nist.gov CVE-2024-9474

Download JSON