PAN-OS: authentication bypass in PAN-OS management web interface (CVE-2024-0012) #shorts #breaking

The newly released CVE-2024-0012 identifies a critical security vulnerability in Palo Alto Networks PAN-OS software versions 10.2, 11.0, 11.1, and 11.2. The flaw allows an unauthenticated attacker with network access to the management web interface to bypass authentication. Once authentication is bypassed, the attacker holds PAN-OS administrator privileges and can perform any administrative action, modify the system configuration, and chain into further authenticated privilege escalation vulnerabilities such as CVE-2024-9474. The vulnerability is classified as a zero-day, meaning it was present in deployed systems before the vendor had issued a patch. Organisations running the listed PAN-OS versions with the management web interface exposed to untrusted networks are the primary targets.

Watch the full video on YouTube: CVE-2024-0012

CVE database technical details

CVE ID: CVE-2024-0012

Description: An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Provider: palo_alto

CWE / problem types: CWE-306 Missing Authentication for Critical Function

Affected Software Versions (a release train is affected from its .0 release up to, but not including, the fixed build):
  PAN-OS 11.2: 11.2.0 and later before 11.2.4-h1 affected; fixed in 11.2.4-h1
  PAN-OS 11.1: 11.1.0 and later before 11.1.5-h1 affected; fixed in 11.1.5-h1
  PAN-OS 11.0: 11.0.0 and later before 11.0.6-h1 affected; fixed in 11.0.6-h1
  PAN-OS 10.2: 10.2.0 and later before 10.2.12-h2 affected; fixed in 10.2.12-h2
  PAN-OS 10.1.0: unaffected
  Cloud NGFW: all versions unaffected
  Prisma Access: all versions unaffected

Date Published: 2024-11-18T15:47:41.407Z

Last Updated: 2024-11-29T16:08:34.490Z
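Added example (not from the page or from Palo Alto Networks): a Python checker that encodes the fixed builds listed in the record and reports whether an inventoried PAN-OS version string falls inside an affected range. It handles the -hN hotfix suffix, so a base release such as 10.2.12 sorts below 10.2.12-h2 and is correctly reported as still affected. The hostnames and versions in the sample inventory are constructed.

```python
import re

# First unaffected (fixed) build per release train, taken from the CVE record.
# A version is affected when it is >= the train's .0 release and < the fixed build.
CVE_2024_0012_FIXED = {
    (11, 2): "11.2.4-h1",
    (11, 1): "11.1.5-h1",
    (11, 0): "11.0.6-h1",
    (10, 2): "10.2.12-h2",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH[-hN]' into a comparable (major, minor, patch, hotfix) tuple.

    A base release without a hotfix suffix gets hotfix 0, so it sorts below
    its -h1 hotfix: 10.2.12 < 10.2.12-h2, and is therefore still affected.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version: str) -> bool:
    """Return True if the given PAN-OS version is inside a CVE-2024-0012 affected range."""
    v = parse_panos_version(version)
    fixed = CVE_2024_0012_FIXED.get(v[:2])
    if fixed is None:
        # Release trains not listed in the record (e.g. 10.1) are unaffected per the advisory.
        return False
    return v < parse_panos_version(fixed)


def triage(inventory: dict) -> dict:
    """Map each hostname to 'PATCH' or 'ok' for an inventory of {hostname: version}."""
    return {host: ("PATCH" if is_affected(ver) else "ok") for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for illustration.
    sample = {"fw-edge-01": "10.2.12", "fw-edge-02": "10.2.12-h2", "fw-dc-01": "11.1.4-h3",
              "fw-lab-01": "11.2.4-h1", "fw-legacy": "10.1.14"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```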