CVE-2024-0012

Warnung

Exploit

EPSS 94.23%
Veröffentlicht 18.11.2024 16:15:11
Zuletzt bearbeitet 20.12.2024 15:47:59
Quelle psirt@paloaltonetworks.com
Teams Watchlist Login
Unerledigt Login

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like  CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .

The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.12

Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.6

Paloaltonetworks ≫ Pan-os Version >= 11.1.0 < 11.1.5

Paloaltonetworks ≫ Pan-os Version >= 11.2.0 < 11.2.4

Paloaltonetworks ≫ Pan-os Version10.2.12 Update-

Paloaltonetworks ≫ Pan-os Version10.2.12 Updateh1

Paloaltonetworks ≫ Pan-os Version11.0.6 Update-

Paloaltonetworks ≫ Pan-os Version11.1.5 Update-

Paloaltonetworks ≫ Pan-os Version11.2.4 Update-

18.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Schwachstelle

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.23%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@paloaltonetworks.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://security.paloaltonetworks.com/CVE-2024-0012

Vendor Advisory

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Vendor Advisory

https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-0012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0012

EUVD