CVE-2024-9471Improper Privilege Management in Palo Alto Networks Pan-os

CWE-269Improper Privilege Management4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.3%
top 48.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Cloud Ngfw+2 more
Timeline
PublishedOct 9

Description

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should b

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

NVDpaloaltonetworks/pan-os9.0.010.0.0+3
CVEListV5palo_alto_networks/pan-os11.0.011.0.3+4
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-p24w-fv79-9hfm: A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with rest2024-10-09
CVEList
PAN-OS: Privilege Escalation (PE) Vulnerability in XML API2024-10-09

📋Vendor Advisories

1
Palo Alto
PAN-OS: Privilege Escalation (PE) Vulnerability in XML API2024-10-09
CVE-2024-9471 — Improper Privilege Management in Palo | cvebase