Palo Alto PAN-OS Multiple vulnerabilities

Release Date: 19 Nov 2024

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Palo Alto PAN-OS. A remote user could exploit these vulnerabilities to trigger elevation of privilege and security restriction bypass on the targeted system.

 

Note: CVE-2024-0012 and CVE-2024-9474 are actively exploited in the wild. 

CVE-2024-9474 allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. 

CVE-2024-0012 enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474. 


Impact

  • Elevation of Privilege
  • Security Restriction Bypass

System / Technologies affected

  • PAN-OS 10.1 versions earlier than PAN-OS 10.1.14-h6
  • PAN-OS 10.2 versions earlier than PAN-OS 10.2.12-h2
  • PAN-OS 11.0 versions earlier than PAN-OS 11.0.6-h1
  • PAN-OS 11.1 versions earlier than PAN-OS 11.1.5-h1
  • PAN-OS 11.2 versions earlier than PAN-OS 11.2.4-h1
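
To check a firewall inventory against the list above, the following added example (not vendor or advisory code) parses PAN-OS version strings and compares each one with the fixed release for its train. It assumes versions are written as `X.Y.Z` or `X.Y.Z-hN`; the hostnames and installed versions in the sample inventory are constructed.

```python
import re

# Fixed release per train, copied from the affected-versions list above.
FIXED = {
    "10.1": "10.1.14-h6",
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}

# Assumption: versions look like X.Y.Z or X.Y.Z-hN (N = hotfix number).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not listed'."""
    parsed = parse_version(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "not listed"  # train does not appear in the list above
    # Integer tuples compare numerically, so -h10 sorts after -h6.
    return "affected" if parsed < parse_version(fixed) else "fixed"


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are hypothetical.
    inventory = {
        "fw-edge-01": "10.2.12-h1",
        "fw-edge-02": "10.2.12-h2",
        "fw-dc-01": "11.1.5",
        "fw-lab-01": "11.2.4-h1",
        "fw-old-01": "9.1.18",
    }
    for host, version in sorted(inventory.items()):
        print(f"{host:12} {version:12} {status(version)}")
```

A result of `not listed` only means the train is absent from this page's list; consult the vendor advisory for those releases.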

Solutions

Before installing the software, please visit the vendor website for more details.

 

