PAN-OS: authentication bypass in PAN-OS management web interface (CVE-2024-0012)
The newly released CVE-2024-0012 identifies a critical security vulnerability in Palo Alto Networks PAN-OS software versions 10.2, 11.0, 11.1, and 11.2. This flaw allows unauthenticated attackers with network access to the management web interface to bypass authentication controls. Once bypassed, attackers can escalate their privileges to an administrator level, enabling them to perform all administrative actions, modify system configurations, and potentially exploit further privilege escalation vulnerabilities, such as CVE-2024-9474. This vulnerability is classified as a zero-day, meaning it exists in a system before the vendor has issued a patch. Users operating the specified versions of PAN-OS and exposing their management web interface to untrusted networks are the primary targets.
Remediation and exploitation details
This chain involves the following actors
The following systems are involved
Attack entry point
Remediation actions
Exploitation actions