Authentication Bypass in PAN-OS: Unauthenticated Admin Privilege Risk
Palo Alto Networks PAN-OS software contains an authentication bypass. An unauthenticated attacker with network access to the management web interface can gain PAN-OS administrator privileges. This lets them perform administrative actions, change the configuration, or exploit privilege escalation vulnerabilities such as CVE-2024-9474.
The risk is much lower if you secure the management web interface. Allow only trusted internal IP addresses to access it, following the best practice guidelines.
This problem affects only PAN-OS versions 10.2, 11.0, 11.1, and 11.2.
Cloud NGFW and Prisma Access are not affected by this vulnerability.
Vulnerable Product |
---|
paloaltonetworks pan-os |
paloaltonetworks pan-os 10.2.12 |
paloaltonetworks pan-os 11.0.6 |
paloaltonetworks pan-os 11.1.5 |
paloaltonetworks pan-os 11.2.4 |

Over 2,000 Palo Alto firewalls hacked using recently patched bugs
By Sergiu Gatlan, November 21, 2024 02:46 PM
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. The two security flaws are an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges and a PAN-OS privilege escalation (CVE-2024-9474) that helps them run ...

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
By Bill Toulas, November 19, 2024 04:18 PM
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first re...

Palo Alto Networks patches two firewall zero-days used in attacks
By Sergiu Gatlan, November 18, 2024 03:50 PM
Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user inter...

PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
Updated Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware. Roughly 2,000 devices had been hijacked as of Wednesday - a day after Palo Alto Networks pushed a patch for the holes - according to Shadowserver and Onyphe. As of Thursday, the number of seemingly compromised devices had droppe...

Amazing that these two bugs got into a production appliance, say researchers
Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-days. The first, tracked as CVE-2024-0012, an authentication bypass bug, has a 9.3 (critical) severity rating, and users are encouraged to upgrade to one of the many patched maintenance versions of PAN-OS with the highest degree of urgency. The second, CVE-2024-9474, carries a less severe 6.9 (medium) ...