{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-117.pdf"
    },
    "title": "Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS",
    "serial_number": "2024-117",
    "publish_date": "19-11-2024 09:55:57",
    "description": "Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges.<br>\nIt is recommended to apply the updates and restrict access to the management web interface to only trusted internal IP addresses, according to the vendor's best practice deployment guidelines.<br>\n",
    "url_title": "2024-117",
    "content_markdown": "---\ntitle: 'Zero-Day Vulnerabilities in\u00a0Palo\u00a0Alto\u00a0Networks\u00a0PAN-OS'\nnumber: '2024-117'\nversion: '1.0'\noriginal_date: '2024-11-18'\ndate: '2024-11-19'\n---\n\n_History:_\n\n* _19/11/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nPalo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges [1,2].\n\nIt is recommended to apply the updates and restrict access to the management web interface to only trusted internal IP addresses, according to the vendor's best practice deployment guidelines [3].\n\n# Technical Details\n\nThe vulnerability **CVE-2024-0012**, with a CVSS score of 9.3, is an authentication bypass flaw in Palo Alto Networks PAN-OS software. It enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 [1].\n\nThe vulnerability **CVE-2024-9474**, with a CVSS score of 6.9, is a privilege escalation flaw in Palo Alto Networks PAN-OS software. It allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges [2].\n\n# Affected Products\n\nThe following PAN-OS versions are affected by **CVE-2024-0012** and **CVE-2024-9474**:\n\n- PAN-OS 11.2 before 11.2.4-h1\n- PAN-OS 11.1 before 11.1.5-h1\n- PAN-OS 11.0 before 11.0.6-h1\n- PAN-OS 10.2 before 10.2.12-h2\n\nThe PAN-OS 10.1 versions before 10.1.14-h6 are also affected by **CVE-2024-9474**.\n\n# Recommendations\n\nCERT-EU recommends applying updates to the affected devices as soon as possible. It is also strongly recommended to restrict access to the management web interface.\n\n# References\n\n[1] <https://security.paloaltonetworks.com/CVE-2024-0012>\n\n[2] <https://security.paloaltonetworks.com/CVE-2024-9474>\n\n[3] <https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>19/11/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges [1,2].</p><p>It is recommended to apply the updates and restrict access to the management web interface to only trusted internal IP addresses, according to the vendor's best practice deployment guidelines [3].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-0012</strong>, with a CVSS score of 9.3, is an authentication bypass flaw in Palo Alto Networks PAN-OS software. It enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 [1].</p><p>The vulnerability <strong>CVE-2024-9474</strong>, with a CVSS score of 6.9, is a privilege escalation flaw in Palo Alto Networks PAN-OS software. It allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges [2].</p><h2 id=\"affected-products\">Affected Products</h2><p>The following PAN-OS versions are affected by <strong>CVE-2024-0012</strong> and <strong>CVE-2024-9474</strong>:</p><ul><li>PAN-OS 11.2 before 11.2.4-h1</li><li>PAN-OS 11.1 before 11.1.5-h1</li><li>PAN-OS 11.0 before 11.0.6-h1</li><li>PAN-OS 10.2 before 10.2.12-h2</li></ul><p>The PAN-OS 10.1 versions before 10.1.14-h6 are also affected by <strong>CVE-2024-9474</strong>.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying updates to the affected devices as soon as possible. It is also strongly recommended to restrict access to the management web interface.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://security.paloaltonetworks.com/CVE-2024-0012\">https://security.paloaltonetworks.com/CVE-2024-0012</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://security.paloaltonetworks.com/CVE-2024-9474\">https://security.paloaltonetworks.com/CVE-2024-9474</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}