Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software

CVE-2024-0012

9.8CRITICAL

Key Information

Vendor
Palo Alto Networks
Status
Cloud Ngfw
Pan-os
Prisma Access
Vendor
CVE Published:
18 November 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%📰 News Worthy

What is CVE-2024-0012?

CVE-2024-0012 is an authentication bypass vulnerability affecting PAN-OS software developed by Palo Alto Networks, which is designed to provide network security through firewall and threat management capabilities. This vulnerability allows unauthenticated attackers with network access to the management web interface to achieve administrator-level access. The potential negative impact on an organization includes unauthorized administrative actions, malicious configuration changes, and the ability to exploit further vulnerabilities, leading to heightened security risks.

Technical Details

This vulnerability specifically targets versions 10.2, 11.0, 11.1, and 11.2 of the PAN-OS software. An attacker who manages to access the management web interface can bypass authentication checks, granting them full administrative privileges. Once these privileges are obtained, the attacker can manipulate system configurations and may exploit related privilege escalation vulnerabilities, like CVE-2024-9474. To reduce the risk associated with this vulnerability, it is recommended that organizations limit access to the management interface to trusted internal IP addresses in accordance with best practices.

Impact of the Vulnerability

  1. Unauthorized Administrative Access: Attackers can gain full administrative rights, allowing them to execute actions that could severely compromise the security posture of the organization.

  2. Configuration Tampering: With unauthorized access, an attacker can modify firewall and security configurations, leading to potential exposure of sensitive data and systems.

  3. Exploitation of Related Vulnerabilities: The existence of this vulnerability can facilitate the exploitation of additional vulnerabilities, compounding the security risks and creating pathways for more sophisticated attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-0012 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Affected Version(s)

Cloud NGFW >= All

PAN-OS < 11.2.4-h1

PAN-OS < 11.1.5-h1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0012_CVE-2024-9474_PoC
Created by TalatumLabs

CVE-2024-0012-POC
Created by Sachinart

CVE-2024-0012
Created by greaselovely

News Articles

favicon imageSC Media

2K Palo Alto un-patched firewalls hacked despite warnings

Shadowserver reports 2,000 firewalls were hacked just two days after CISA put the two PAN-OS bugs on the KEV catalog.

4 days ago

favicon imageit-daily

Cyberattacks on Palo Alto Networks firewall devices

Several security breaches were observed at companies from different industries in which firewall devices from Palo Alto Network were involved.

4 weeks ago

favicon imageTheCyberThrone

PaloAlto devices are under massive exploitation

Researchers from Shadowserver have revealed that approximately 2,000 Palo Alto Networks firewalls have been compromised leavaraging recently discovered zeroday bugs. namely  CVE-2024-0012 and CVE-2024-9474. This initial exploitation of the vulnerabilities has been named as “Operation Lunar Peek.” Pa...

1 month ago

Refferences

https://security.paloaltonetworks.com/CVE-2024-0012
vendor-advisory

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • 😈

    Used in Ransomware

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • CISA Reported

  • First article discovered by Palo Alto Networks

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database5 Proof of Concept(s)15 News Article(s)

Credit

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.
.