
DIVD-2024-00047 - Multiple critical vulnerabilities in Palo Alto Networks PAN-OS devices

Our reference: DIVD-2024-00047
Case lead: Alwin Warringa
Researcher(s):
CVE(s): CVE-2024-0012, CVE-2024-9474
Products:
  • Palo Alto PAN-OS devices
Versions:
  • PAN-OS 11.2 before 11.2.4-h1
  • PAN-OS 11.1 before 11.1.5-h1
  • PAN-OS 11.0 before 11.0.6-h1
  • PAN-OS 10.2 before 10.2.12-h2
Recommendation: Patch your version to a non-vulnerable version
Patch status: Patch available
Workaround: none
Status: Open
Last modified: 21 Nov 2024 10:16 CET

Summary

An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges and perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities such as CVE-2024-9474.

Recommendations

To remediate CVE-2024-0012 and CVE-2024-9474, update to a non-vulnerable version. You can find a link to the Palo Alto bulletin at the bottom of this post.
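To check an inventory against the fixed versions listed above, the following added example (not DIVD's or Palo Alto Networks' code) parses PAN-OS version strings of the form major.minor.maintenance with an optional -hN hotfix suffix and compares them, per release train, with the fix versions from this case. Trains not listed on this page (for example 10.1) are reported as unknown rather than safe, since the page says nothing about them; the sample inventory at the bottom is constructed for illustration.

```python
import re

# Fixed versions per PAN-OS release train, exactly as listed in DIVD-2024-00047.
# Anything on one of these trains below the listed version is considered vulnerable.
FIXED_VERSIONS = {
    (11, 2): "11.2.4-h1",
    (11, 1): "11.1.5-h1",
    (11, 0): "11.0.6-h1",
    (10, 2): "10.2.12-h2",
}

# major.minor.maintenance, optionally followed by a hotfix suffix such as -h1.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version):
    """Turn '11.2.4-h1' into a comparable tuple (11, 2, 4, 1).

    A release without a hotfix suffix gets hotfix level 0, so '11.2.4' sorts
    below '11.2.4-h1', which matches how PAN-OS hotfixes build on a base release.
    Strings that do not fit the expected shape raise ValueError instead of being
    silently treated as patched.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maintenance, hotfix = match.groups()
    return (int(major), int(minor), int(maintenance), int(hotfix) if hotfix else 0)


def is_vulnerable(version):
    """True if the version is below the fix on its train, False if at or above it,
    None if the train is not covered by this case (consult the vendor bulletin)."""
    parsed = parse_version(version)
    train = (parsed[0], parsed[1])
    if train not in FIXED_VERSIONS:
        return None
    return parsed < parse_version(FIXED_VERSIONS[train])


def triage(inventory):
    """Split an inventory of (hostname, version) pairs into vulnerable,
    patched and unknown lists; unparsable versions are reported as unknown."""
    vulnerable, patched, unknown = [], [], []
    for host, version in inventory:
        try:
            verdict = is_vulnerable(version)
        except ValueError:
            verdict = None
        if verdict is True:
            vulnerable.append(host)
        elif verdict is False:
            patched.append(host)
        else:
            unknown.append(host)
    return vulnerable, patched, unknown


# Constructed sample inventory (hypothetical hostnames and versions, not real data).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "11.2.4"),       # base release below the 11.2.4-h1 fix
    ("fw-edge-02", "11.2.4-h1"),    # exactly the fix
    ("fw-dc-01", "10.2.12-h1"),     # hotfix 1, fix is hotfix 2
    ("fw-dc-02", "10.2.13"),        # later maintenance release on the 10.2 train
    ("fw-lab-01", "10.1.9"),        # train not listed in this case
    ("fw-lab-02", "not-a-version"), # malformed entry in the inventory
]

if __name__ == "__main__":
    vuln, ok, unk = triage(SAMPLE_INVENTORY)
    print("vulnerable:", vuln)
    print("patched:   ", ok)
    print("unknown:   ", unk)
```

Hosts in the unknown bucket need a manual check against the Palo Alto bulletin; treating an unlisted train or an unparsable string as patched is the failure mode this script deliberately avoids.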

What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of Palo Alto PAN-OS and to notify these parties.

Timeline

Date         Description
11 Nov 2024  DIVD starts researching the vulnerability.
20 Nov 2024  DIVD finds fingerprint, preparing to scan.
21 Nov 2024  Case opened and starting first scan.
21 Nov 2024  DIVD begins notifying owners of vulnerable systems.

More information