Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software
CVE-2024-0012
Key Information:
- Vendor
- Palo Alto Networks
- Vendor
- CVE Published:
- 18 November 2024
Badges
What is CVE-2024-0012?
CVE-2024-0012 is an authentication bypass vulnerability affecting PAN-OS software developed by Palo Alto Networks, which is designed to provide network security through firewall and threat management capabilities. This vulnerability allows unauthenticated attackers with network access to the management web interface to achieve administrator-level access. The potential negative impact on an organization includes unauthorized administrative actions, malicious configuration changes, and the ability to exploit further vulnerabilities, leading to heightened security risks.
Technical Details
This vulnerability specifically targets versions 10.2, 11.0, 11.1, and 11.2 of the PAN-OS software. An attacker who manages to access the management web interface can bypass authentication checks, granting them full administrative privileges. Once these privileges are obtained, the attacker can manipulate system configurations and may exploit related privilege escalation vulnerabilities, like CVE-2024-9474. To reduce the risk associated with this vulnerability, it is recommended that organizations limit access to the management interface to trusted internal IP addresses in accordance with best practices.
Impact of the Vulnerability
-
Unauthorized Administrative Access: Attackers can gain full administrative rights, allowing them to execute actions that could severely compromise the security posture of the organization.
-
Configuration Tampering: With unauthorized access, an attacker can modify firewall and security configurations, leading to potential exposure of sensitive data and systems.
-
Exploitation of Related Vulnerabilities: The existence of this vulnerability can facilitate the exploitation of additional vulnerabilities, compounding the security risks and creating pathways for more sophisticated attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
Affected Version(s)
PAN-OS 11.2.0 < 11.2.4-h1
PAN-OS 11.1.0 < 11.1.5-h1
PAN-OS 11.0.0 < 11.0.6-h1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
wiz.ioCVE-2024-0012Wiz Blog | Latest stories about Cloud Security
Guides, announcements, and articles about Cloud Security and the Wiz platform.
1 month ago
Palo Alto sounds alarm over PAN-OS zero-day attacks
Palo Alto Networks says that customer devices could be under threat from an actively-targeted critical security flaw
1 month ago
2K Palo Alto un-patched firewalls hacked despite warnings
Shadowserver reports 2,000 firewalls were hacked just two days after CISA put the two PAN-OS bugs on the KEV catalog.
2 months ago
References
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 💰
Used in Ransomware
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by Palo Alto Networks
Vulnerability published
Vulnerability Reserved