Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall

CVE-2024-9474
7.2HIGH

Key Information

Vendor
Palo Alto Networks
Status
Cloud Ngfw
Pan-os
Prisma Access
Vendor
CVE Published:
18 November 2024

Badges

👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%📰 News Worthy

Summary

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-9474 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Affected Version(s)

Cloud NGFW >= All

PAN-OS < 11.2.4-h1

PAN-OS < 11.1.5-h1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9474
Created by Chocapikk

CVE-2024-9474
Created by deathvu

News Articles

favicon image

Palo Alto Networks patches firewall-busting zero-days

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-days. The...

2 days ago

favicon imageThe Register

Palo Alto Networks patches firewall-busting zero-days

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-days. The...

2 days ago

favicon imagewatchTowr Labs - Blog

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Note: Since this is 'breaking' news and more details are being released, we're updating this post as more details become available (and as we think of better memes). Mash that F5 key every so often for a better blogpost experience! It's no big news that threat actors just love popping

2 days ago

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by The Cyber Express

  • Initial publication

  • Vulnerability published.

  • Vulnerability Reserved.

  • 👾

    Exploit exists.

Collectors

NVD DatabaseMitre DatabaseCISA Database2 Proof of Concept(s)6 News Article(s)

Credit

Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.
.