Severe authentication bypass vulnerability in Palo Alto Networks PAN-OS: CVE-2024-0012 actively exploited

ISGroup Cybersecurity

On November 19, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-0012 vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that it is currently under active exploitation. This vulnerability is particularly concerning because it allows an attacker to bypass authentication mechanisms and obtain elevated privileges, with the potential to completely compromise the affected systems.

ProductPaloAltoNetworks PAN-OS
Date2024-11-20 11:10:55
Information
  • Fix Available
  • Active Exploitation

Technical Summary

An authentication bypass vulnerability in Palo Alto Networks’ PAN-OS software allows an unauthenticated attacker with network access to the management web interface to obtain PAN-OS administrator privileges. This could allow for administrative actions, configuration tampering, or the exploitation of other vulnerabilities such as CVE-2024-9474. This issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 installed on PA-Series, VM-Series, CN-Series, Panorama, and WildFire appliances. However, Cloud NGFW and Prisma Access are not affected.

Recommendations

Organizations using the affected PAN-OS versions are strongly advised to secure access to the management web interface by restricting it to trusted internal IP addresses, following recommended best practices. The issue has been resolved in PAN-OS versions 10.2.12-h2, 11.0.6-h1, 11.1.5-h1, 11.2.4-h1, and later. We also recommend updating to the latest maintenance release to ensure maximum security.

[Callforaction-THREAT-Footer]