PAN-OS Authentication Bypass Vulnerability (CVE-2024-0012) & Privilege Escalation Vulnerability (CVE-2024-9474)

A Critical Authentication Bypass Vulnerability (CVE-2024-0012) and a Medium Privilege Escalation Vulnerability (CVE-2024-9474) have been identified in the Palo Alto Networks PAN-OS management web interface and are being exploited in the wild. The vulnerabilities enable an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges and then perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.

 

Vulnerability

  • Authentication Bypass Vulnerability (CVE-2024-0012)
  • Privilege Escalation Vulnerability (CVE-2024-9474)

 

Severity Level

  • Critical (CVE-2024-0012)
  • Medium (CVE-2024-9474)

 

Affected Products

  • PAN-OS 10.1, 10.2, 11.0, 11.1, and 11.2
    • PAN-OS 11.2: < 11.2.4-h1
    • PAN-OS 11.1: < 11.1.5-h1
    • PAN-OS 11.0: < 11.0.6-h1
    • PAN-OS 10.2: < 10.2.12-h2
    • PAN-OS 10.1: < 10.1.14-h6
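
One way to triage a firewall inventory against the thresholds listed above (an added example, not part of the original advisory or any Palo Alto Networks tooling). The hostnames and version strings in the sample inventory are constructed; the comparison assumes that a release without a hotfix suffix sorts before its -h1, and branches outside the list are reported as not listed rather than judged.

```python
import re

# First fixed release per branch as (maintenance, hotfix), from the list above.
FIXED = {
    "10.1": (14, 6),
    "10.2": (12, 2),
    "11.0": (6, 1),
    "11.1": (5, 1),
    "11.2": (4, 1),
}

# Constructed sample inventory (hostname -> reported PAN-OS version).
SAMPLE_INVENTORY = {
    "fw-edge-01": "11.1.5",
    "fw-edge-02": "11.1.5-h1",
    "fw-dc-01": "10.2.11-h4",
    "fw-lab-01": "9.1.18",
    "fw-lab-02": "11.2.4-beta",
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'X.Y.Z' or 'X.Y.Z-hN' into (branch, (maintenance, hotfix))."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    # Assumption: no hotfix suffix means hotfix 0, so 11.1.5 < 11.1.5-h1.
    return f"{major}.{minor}", (int(maint), int(hotfix or 0))


def status(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    branch, release = parse_version(version)
    if branch not in FIXED:
        return "not-listed"  # the advisory makes no statement on this branch
    return "affected" if release < FIXED[branch] else "fixed"


def triage(inventory):
    """Classify every host; unparseable versions are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = status(version)
        except ValueError:
            result[host] = "unparsed"
    return result
```

Hosts reported as "unparsed" or "not-listed" need a manual check against the vendor advisory rather than being treated as safe.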

 

Remediation

  • Apply the fix in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions IMMEDIATELY.
  • Secure access to the management web interface by restricting it to trusted internal IP addresses only, according to the Guideline for Securing PAN-OS Management Interface.

 

Workaround

  • Secure access to the management web interface by restricting it to trusted internal IP addresses only, according to the Guideline for Securing PAN-OS Management Interface.
  • If you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later).
    • Ensure that all the listed Threat IDs are set to block mode.
    • Route incoming traffic for the MGT port through a DP port, e.g., by enabling a management profile on a DP interface for management access.
    • Replace the Certificate for Inbound Traffic Management.
    • Decrypt inbound traffic to the management interface so the firewall can inspect it.
    • Enable threat prevention on the inbound traffic to management services.

 


Published on: 19 Nov 2024