⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.. Due date: 2024-12-09.

CVE-2024-0012Router Implant: Missing Authentication for Critical Function in Palo Alto Networks Pan-os

CWE-306Missing Authentication for Critical Function20 documents13 sources
Severity
9.3CRITICALNVD
EPSS
94.3%
top 0.06%
CISA KEV
KEVRansomware
Added 2024-11-18
Due 2024-12-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Cloud Ngfw+2 more
Timeline
PublishedNov 18
KEV addedNov 18
KEV dueDec 9
Latest updateDec 12
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Description

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by res

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N

Affected Packages5 packages

CVEListV5palo_alto_networks/pan-os11.2.011.2.4-h1+3
NVDpaloaltonetworks/pan-os31 versions+30
Palo Altopaloalto/pan-os

🔴Vulnerability Details

3
GHSA
GHSA-mw9x-2qwv-599p: An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface2024-11-18
CVEList
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)2024-11-18
VulnCheck
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability2024

💥Exploits & PoCs

2
Metasploit
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
Nuclei
PAN-OS Management Web Interface - Authentication Bypass

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Authentication Bypass (CVE-2024-0012)2024-11-19

📋Vendor Advisories

2
CISA
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability2024-11-18
Palo Alto
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

🕵️Threat Intelligence

9
Wiz
Crying Out Cloud - December 2024 Newsletter | Wiz2024-12-12
Unit42
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)2024-11-22
Wiz
Wiz observes CVE-2024-0012 and CVE-2024-9474 exploitation | Wiz Blog2024-11-22
Unit42
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)2024-11-22
Wiz
Wiz observes CVE-2024-0012 and CVE-2024-9474 exploitation | Wiz Blog2024-11-22
CVE-2024-0012 — Router Implant | cvebase