CVE-2024-0012

Warnung

Exploit

EPSS 94.23%
Veröffentlicht 18.11.2024 16:15:11
Zuletzt bearbeitet 04.11.2025 16:49:23
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like  CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .

The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Pan-os Version10.2.0 Update-

Paloaltonetworks ≫ Pan-os Version10.2.0 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.0 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.0 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.1 Update-

Paloaltonetworks ≫ Pan-os Version10.2.1 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.1 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.2 Update-

Paloaltonetworks ≫ Pan-os Version10.2.2 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.2 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.2 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.2 Updateh5

Paloaltonetworks ≫ Pan-os Version10.2.3 Update-

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh11

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh12

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh13

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.3 Updateh9

Paloaltonetworks ≫ Pan-os Version10.2.4 Update-

Paloaltonetworks ≫ Pan-os Version10.2.4 Updateh10

Paloaltonetworks ≫ Pan-os Version10.2.4 Updateh16

Paloaltonetworks ≫ Pan-os Version10.2.4 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.4 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.4 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.5 Update-

Paloaltonetworks ≫ Pan-os Version10.2.5 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.5 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.5 Updateh6

Paloaltonetworks ≫ Pan-os Version10.2.6 Update-

Paloaltonetworks ≫ Pan-os Version10.2.6 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.6 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.7 Update-

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh12

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh16

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh6

Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh8

Paloaltonetworks ≫ Pan-os Version10.2.8 Update-

Paloaltonetworks ≫ Pan-os Version10.2.8 Updateh10

Paloaltonetworks ≫ Pan-os Version10.2.8 Updateh13

Paloaltonetworks ≫ Pan-os Version10.2.8 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.8 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.9 Update-

Paloaltonetworks ≫ Pan-os Version10.2.9 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.9 Updateh11

Paloaltonetworks ≫ Pan-os Version10.2.9 Updateh14

Paloaltonetworks ≫ Pan-os Version10.2.9 Updateh9

Paloaltonetworks ≫ Pan-os Version10.2.10 Update-

Paloaltonetworks ≫ Pan-os Version10.2.10 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.10 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.10 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.10 Updateh5

Paloaltonetworks ≫ Pan-os Version10.2.10 Updateh7

Paloaltonetworks ≫ Pan-os Version10.2.11 Update-

Paloaltonetworks ≫ Pan-os Version10.2.11 Updateh1

Paloaltonetworks ≫ Pan-os Version10.2.11 Updateh2

Paloaltonetworks ≫ Pan-os Version10.2.11 Updateh3

Paloaltonetworks ≫ Pan-os Version10.2.11 Updateh4

Paloaltonetworks ≫ Pan-os Version10.2.12 Update-

Paloaltonetworks ≫ Pan-os Version10.2.12 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.0 Update-

Paloaltonetworks ≫ Pan-os Version11.0.0 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.0 Updateh2

Paloaltonetworks ≫ Pan-os Version11.0.0 Updateh3

Paloaltonetworks ≫ Pan-os Version11.0.1 Update-

Paloaltonetworks ≫ Pan-os Version11.0.1 Updateh2

Paloaltonetworks ≫ Pan-os Version11.0.1 Updateh3

Paloaltonetworks ≫ Pan-os Version11.0.1 Updateh4

Paloaltonetworks ≫ Pan-os Version11.0.2 Update-

Paloaltonetworks ≫ Pan-os Version11.0.2 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.2 Updateh2

Paloaltonetworks ≫ Pan-os Version11.0.2 Updateh3

Paloaltonetworks ≫ Pan-os Version11.0.2 Updateh4

Paloaltonetworks ≫ Pan-os Version11.0.3 Update-

Paloaltonetworks ≫ Pan-os Version11.0.3 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.3 Updateh10

Paloaltonetworks ≫ Pan-os Version11.0.3 Updateh12

Paloaltonetworks ≫ Pan-os Version11.0.3 Updateh3

Paloaltonetworks ≫ Pan-os Version11.0.3 Updateh5

Paloaltonetworks ≫ Pan-os Version11.0.4 Update-

Paloaltonetworks ≫ Pan-os Version11.0.4 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.4 Updateh2

Paloaltonetworks ≫ Pan-os Version11.0.4 Updateh5

Paloaltonetworks ≫ Pan-os Version11.0.5 Update-

Paloaltonetworks ≫ Pan-os Version11.0.5 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.6 Update-

Paloaltonetworks ≫ Pan-os Version11.1.0 Update-

Paloaltonetworks ≫ Pan-os Version11.1.0 Updateh1

Paloaltonetworks ≫ Pan-os Version11.1.0 Updateh2

Paloaltonetworks ≫ Pan-os Version11.1.0 Updateh3

Paloaltonetworks ≫ Pan-os Version11.1.1 Update-

Paloaltonetworks ≫ Pan-os Version11.1.1 Updateh1

Paloaltonetworks ≫ Pan-os Version11.1.2 Update-

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh1

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh12

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh14

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh3

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh4

Paloaltonetworks ≫ Pan-os Version11.1.2 Updateh9

Paloaltonetworks ≫ Pan-os Version11.1.3 Update-

Paloaltonetworks ≫ Pan-os Version11.1.3 Updateh1

Paloaltonetworks ≫ Pan-os Version11.1.3 Updateh10

Paloaltonetworks ≫ Pan-os Version11.1.3 Updateh2

Paloaltonetworks ≫ Pan-os Version11.1.3 Updateh4

Paloaltonetworks ≫ Pan-os Version11.1.3 Updateh6

Paloaltonetworks ≫ Pan-os Version11.1.4 Update-

Paloaltonetworks ≫ Pan-os Version11.1.4 Updateh1

Paloaltonetworks ≫ Pan-os Version11.1.4 Updateh4

Paloaltonetworks ≫ Pan-os Version11.1.5 Update-

Paloaltonetworks ≫ Pan-os Version11.2.0 Update-

Paloaltonetworks ≫ Pan-os Version11.2.1 Update-

Paloaltonetworks ≫ Pan-os Version11.2.2 Update-

Paloaltonetworks ≫ Pan-os Version11.2.2 Updateh1

Paloaltonetworks ≫ Pan-os Version11.2.3 Update-

Paloaltonetworks ≫ Pan-os Version11.2.4 Update-

18.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Schwachstelle

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.23%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@paloaltonetworks.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://security.paloaltonetworks.com/CVE-2024-0012

Vendor Advisory

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Vendor Advisory

https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-0012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0012

EUVD