CVE-2024-9474

Summary

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.4-h1affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.5-h1affected
Palo Alto NetworksPAN-OS11.0.0 < 11.0.6-h1affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.12-h2affected
Palo Alto NetworksPAN-OS10.1.0 < 10.1.14-h6affected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Workarounds

Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet. Review information about how to secure management access to your Palo Alto Networks firewalls:

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References