Palo Alto PAN-OS Multiple vulnerabilities
Multiple vulnerabilities were identified in Palo Alto PAN-OS. A remote user could exploit these vulnerabilities to trigger elevation of privilege and security restriction bypass on the targeted system.
Note: CVE-2024-0012 and CVE-2024-9474 are actively exploited in the wild.
CVE-2024-9474 allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
CVE-2024-0012 enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.
RISK: High Risk
TYPE: Security software and application – Security Software & Appliance
Impact
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- PAN-OS 10.1 versions earlier than PAN-OS 10.1.14-h6
- PAN-OS 10.2 versions earlier than PAN-OS 10.2.12-h2
- PAN-OS 11.0 versions earlier than PAN-OS 11.0.6-h1
- PAN-OS 11.1 versions earlier than PAN-OS 11.1.5-h1
- PAN-OS 11.2 versions earlier than PAN-OS 11.2.4-h1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. For detail, please refer to the link below:
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
