PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
CVE-2024-9471
4.7 MEDIUM
Key Information
- Vendor: Palo Alto Networks
- Status
- PAN-OS
- Cloud NGFW
- Prisma Access
- Vendor
- CVE Published: 9 October 2024
Badges
👾 Exploit Exists
Summary
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher-privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
Affected Version(s)
PAN-OS >= 11.1.0
PAN-OS < 11.0.3
PAN-OS < 10.1.11
CVSS V3.1
Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
- 👾 Exploit exists.
- Initial publication: Vulnerability published.
Collectors
NVD Database, Mitre Database
Credit
Palo Alto Networks thanks an external reporter for discovering and reporting this issue.