⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.. Due date: 2024-12-09.

CVE-2024-9474 — OS Command Injection in Palo Alto Networks Pan-os

CWE-78 — OS Command Injection CWE-77 — Command Injection CWE-306 — Missing Authentication for Critical Function21 documents13 sources

Severity

6.9MEDIUMNVD

EPSS

94.2%

top 0.08%

CISA KEV

KEVRansomware

Added 2024-11-18

Due 2024-12-09

Exploit

Exploited in wild

Active exploitation observed

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +6 more

Timeline

PublishedNov 18

KEV addedNov 18

KEV dueDec 9

Latest updateFeb 19

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Description

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages9 packages

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/cloud_ngfw

▶NVDpaloaltonetworks/pan-os10.1.0 — 10.1.14+9

▶CVEListV5palo_alto_networks/pan-os11.2.0 — 11.2.4-h1+4

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

CVEList

PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface↗2024-11-18

▶

GHSA

GHSA-cgvw-jh5j-mgq3: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface t↗2024-11-18

▶

VulnCheck

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability↗2024

▶

💥Exploits & PoCs

Metasploit

Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution↗

▶

Nuclei

PAN-OS Management Web Interface - Command Injection

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Command Injection in User Parameter (CVE-2024-9474)↗2024-11-19

▶

📋Vendor Advisories

CISA

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability↗2024-11-18

▶

Palo Alto

PAN-SA-2024-0015 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)↗2024-11-18

▶

Palo Alto

PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface↗

▶

🕵️Threat Intelligence

Bleepingcomputer

Palo Alto Networks tags new firewall bug as exploited in attacks↗2025-02-19

▶

Wiz

Crying Out Cloud - December 2024 Newsletter | Wiz↗2024-12-12

▶

Unit42

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)↗2024-11-22

▶

Wiz

Wiz observes CVE-2024-0012 and CVE-2024-9474 exploitation | Wiz Blog↗2024-11-22

▶

Unit42

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)↗2024-11-22

▶