CVSSv3: 9.8

CVE-2024-0012

Published: 18/11/2024 Updated: 29/11/2024

Vulnerability Summary

Authentication Bypass in PAN-OS: Unauthenticated Admin Privilege Risk

There is an authentication bypass issue in Palo Alto Networks PAN-OS software. An attacker without authentication but with network access to the management web interface can get PAN-OS admin privileges. This lets them do admin tasks, change settings, or use privilege escalation vulnerabilities like CVE-2024-9474. The risk is much lower if you secure the management web interface. Allow only trusted internal IP addresses to access it, following the best practice guidelines. This problem affects only PAN-OS versions 10.2, 11.0, 11.1, and 11.2. Cloud NGFW and Prisma Access are not affected by this vulnerability.

Vulnerable Product

paloaltonetworks pan-os

paloaltonetworks pan-os 10.2.12

paloaltonetworks pan-os 11.0.6

paloaltonetworks pan-os 11.1.5

paloaltonetworks pan-os 11.2.4

Github Repositories

PANW NGFW CVE-2024-0012

CVE-2024-0012 PANW NGFW CVE-2024-0012

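cve-2024-0012-poc This is a working proof of concept (POC), inspired by this article. Usage: python3 cve-2024-0012-pan-os-pocpy --url "目标系统" --no-verify Note: if SSL cannot be verified or the certificate has expired, you can add the --no-verify parameter; otherwise do not use this parameter.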

CVE-2024-9474 Python script generated from the blog post: labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/?123 It's all described there.

Palo Alto CVE-2024-9474 Exploit POC

CVE-2024-9474 Palo Alto CVE-2024-9474. THIS POC IS UNTESTED, USE AT YOUR OWN RISK. Use responsibly and legally. unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

CVE-2024-0012 and CVE-2024-9474: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) and Authenticated Command Injection in Palo Alto PAN-OS. See our blog post for technical details. Affected Versions: TBD. Exploit authors: This exploit was written by Sonny of watchTowr (@watchtowrcyber). Follow watchTowr Labs: For the latest

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC

CVE-2024-0012: an authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities

🔥 List of security research and articles!

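awesome-security-research Security incidents: Russian APT uses the new "nearest neighbor" attack strategy; Microsoft takes down the ONNX phishing-as-a-service platform; mass exploitation of two Palo Alto Networks zero-day vulnerabilities; major data breach at Ford; malicious QR code letters lead to banking trojan attacks; North Korean hacking group Lazarus: using a Chrome zero-day vulnerability to attack the cryptocurrency sector; Apple fixes two major zero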

Palo Alto CVE-2024-0012 Exploit POC

CVE-2024-0012 Palo Alto CVE-2024-0012 Exploit POC Untested POC, please use legally and responsibly, at your own risk

Recent Articles

Over 2,000 Palo Alto firewalls hacked using recently patched bugs
BleepingComputer • Sergiu Gatlan • 21 Nov 2024

Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. The two security flaws are an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges and a PAN-OS privilege escalation (CVE-2024-9474) that helps them run ...

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
BleepingComputer • Bill Toulas • 19 Nov 2024

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first re...

Palo Alto Networks patches two firewall zero-days used in attacks
BleepingComputer • Sergiu Gatlan • 18 Nov 2024

Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user inter...

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
The Register

PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more

Updated Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware. Roughly 2,000 devices had been hijacked as of Wednesday - a day after Palo Alto Networks pushed a patch for the holes - according to Shadowserver and Onyphe. As of Thursday, the number of seemingly compromised devices had droppe...

Palo Alto Networks tackles firewall-busting zero-days with critical patches
The Register

Amazing that these two bugs got into a production appliance, say researchers

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-days. The first, tracked as CVE-2024-0012, an authentication bypass bug, has a 9.3 (critical) severity rating, and users are encouraged to upgrade to one of the many patched maintenance versions of PAN-OS with the highest degree of urgency. The second, CVE-2024-9474, carries a less severe 6.9 (medium) ...