Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall
CVE-2024-9474

7.2 HIGH

Key Information:

Vendor
CVE Published: 18 November 2024

Badges

📈 Trended | 📈 Score: 3,900 | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 97% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2024-9474?

CVE-2024-9474 is a privilege escalation vulnerability in Palo Alto Networks’ PAN-OS, the operating system that powers the company's network firewalls. It enables an administrator with access to the management web interface to gain root privileges and perform actions on the firewall that could compromise the device's security. Organizations using Palo Alto firewalls could face significant security risks, as this vulnerability may allow unauthorized access to sensitive configurations and control over firewall functions.

Technical Details

The vulnerability resides within the PAN-OS software that manages Palo Alto Networks firewalls. It specifically affects the web-based management interface, where an authenticated administrator can take advantage of inadequate privilege restrictions. An attacker with existing administrative access can exploit this flaw to escalate their privileges and manipulate the firewall settings, leading to potential alterations in traffic management, security settings, or even data interception.

Cloud-based products such as Cloud NGFW and Prisma Access are not affected by CVE-2024-9474, which isolates the risk to on-premises firewall deployments running an affected PAN-OS version.

Potential Impact of CVE-2024-9474

  1. Unauthorized Control: The primary risk is that an attacker could gain unauthorized control over the firewall, permitting them to change essential configurations or disable security features, rendering the network defenseless against other attacks.

  2. Data Breach Potential: With root access, an attacker could intercept valuable data being transmitted through the firewall, leading to potential data breaches and significant financial and reputational harm to the organization.

  3. Increased Attack Surface: By exploiting this vulnerability, an attacker may set up additional backdoors or malware, increasing the attack surface and providing persistent access, complicating incident response efforts and overall security management.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.4-h1

PAN-OS 11.1.0 < 11.1.5-h1

PAN-OS 11.0.0 < 11.0.6-h1
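
The version ranges above can be checked against a firewall inventory. The following is an added example, not code from this page or from Palo Alto Networks. It applies the three ranges exactly as listed here and assumes that a base release sorts before its own "-hN" hotfixes; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Ranges exactly as listed on this page: (first affected, first fixed).
AFFECTED_RANGES = [
    ("11.2.0", "11.2.4-h1"),
    ("11.1.0", "11.1.5-h1"),
    ("11.0.0", "11.0.6-h1"),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 for a base release."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version):
    """True if the version falls inside one of the ranges listed on this page."""
    parsed = parse_panos_version(version)
    return any(
        parse_panos_version(first) <= parsed < parse_panos_version(fixed)
        for first, fixed in AFFECTED_RANGES
    )


def triage(inventory):
    """Map hostname -> 'affected', 'not listed as affected' or 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not listed as affected"
        except ValueError:
            # Never treat an unreadable version string as safe; flag it for manual review.
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "fw-edge-01": "11.2.4",     # base release, sorts before 11.2.4-h1
    "fw-edge-02": "11.2.4-h1",  # first fixed release in the 11.2 range
    "fw-dc-01": "11.1.5-h1",
    "fw-dc-02": "11.0.6",
    "fw-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

"not listed as affected" only means the version is outside the ranges shown on this page; confirm against the vendor advisory before closing a finding.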

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Palo Alto Networks warns of active exploitation of PAN-OS firewall vulnerabilities

Palo Alto Networks has confirmed that multiple security vulnerabilities in its PAN-OS firewall software are being actively exploited.

3 weeks ago

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

CISA warns of active exploitation of Palo Alto Networks and SonicWall vulnerabilities, requiring agencies to patch by March 11, 2025, to secure networ

3 weeks ago

Palo Alto warns firewalls flaws are under active attack

A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems. This story starts with...

3 weeks ago

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • 📰 First article discovered by The Cyber Express
  • Vulnerability published
  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.