CVE-2024-9474
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
Summary
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW | All | unaffected |
| Palo Alto Networks | PAN-OS | 11.2.0 < 11.2.4-h1 | affected |
| Palo Alto Networks | PAN-OS | 11.1.0 < 11.1.5-h1 | affected |
| Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.6-h1 | affected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.12-h2 | affected |
| Palo Alto Networks | PAN-OS | 10.1.0 < 10.1.14-h6 | affected |
| Palo Alto Networks | Prisma Access | All | unaffected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Workarounds
Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet. Review information about how to secure management access to your Palo Alto Networks firewalls:
- Palo Alto Networks LIVEcommunity article: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
- https://github.com/k4nfr3/CVE-2024-9474
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.