Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall

CVE-2024-9474

7.2HIGH

Key Information

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 18 November 2024

Badges

👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%📰 News Worthy

Summary

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-9474 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Affected Version(s)

Cloud NGFW >= All

PAN-OS < 11.2.4-h1

PAN-OS < 11.1.5-h1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

PAN-OS_CVE-2024-9474
Created by coskper-papa

CVE-2024-9474
Created by Chocapikk

CVE-2024-9474
Created by deathvu

News Articles

SC Media

CVE-2024-0012 CVE-2024-9474

2K Palo Alto un-patched firewalls hacked despite warnings

Shadowserver reports 2,000 firewalls were hacked just two days after CISA put the two PAN-OS bugs on the KEV catalog.

4 days ago

it-daily

CVE-2024-0012 CVE-2024-9474

Cyberattacks on Palo Alto Networks firewall devices

Several security breaches were observed at companies from different industries in which firewall devices from Palo Alto Network were involved.

4 weeks ago

TheCyberThrone

CVE-2024-0012 CVE-2024-9474

PaloAlto devices are under massive exploitation

Researchers from Shadowserver have revealed that approximately 2,000 Palo Alto Networks firewalls have been compromised leavaraging recently discovered zeroday bugs. namely CVE-2024-0012 and CVE-2024-9474. This initial exploitation of the vulnerabilities has been named as “Operation Lunar Peek.” Pa...

1 month ago

Refferences

https://security.paloaltonetworks.com/CVE-2024-9474

vendor-advisory

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🔴
Public PoC available
Dec 11, 2024
CISA Reported
Nov 18, 2024
First article discovered by The Cyber Express
Nov 18, 2024
Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Oct 3, 2024

Collectors

NVD DatabaseMitre DatabaseCISA Database3 Proof of Concept(s)13 News Article(s)

Credit

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.