Merge pull request #873 from DIVD-NL/sT0wn-nl-patch-1
Create DIVD-2024-00047.md
MrSeccubus authored Nov 21, 2024
2 parents 2f11d77 + 4ba8c11 commit e02615b
Showing 1 changed file with 54 additions and 0 deletions.
54 changes: 54 additions & 0 deletions _cases/2024/DIVD-2024-00047.md
@@ -0,0 +1,54 @@
---
layout: case
title: "Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices"
author: Alwin Warringa
lead: Alwin Warringa
excerpt: "An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474"
researchers:
- Alwin Warringa
cves:
- CVE-2024-0012
- CVE-2024-9474
product:
- Palo Alto PAN-OS devices
versions:
- PAN-OS 11.2 before 11.2.4-h1
- PAN-OS 11.1 before 11.1.5-h1
- PAN-OS 11.0 before 11.0.6-h1
- PAN-OS 10.2 before 10.2.12-h2
recommendation: "Patch your version to a non-vulnerable version"
workaround: "none"
patch_status: Patch available
status: Open
start: 2024-11-11
timeline:
- start: 2024-11-11
end:
event: "DIVD starts researching the vulnerability."
- start: 2024-11-20
end:
event: "DIVD finds fingerprint, preparing to scan."
- start: 2024-11-20
end:
event: "Case opened and starting first scan."
---

## Summary
An authentication bypass in Palo Alto Networks PAN-OS software ({% cve CVE-2024-0012 %}) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like {% cve CVE-2024-9474 %}

## Recommendations

To remediate {% cve CVE-2024-0012 %} and {% cve CVE-2024-9474 %}, update to a non-vulnerable version. You can find a link to the Palo Alto bulletin at the bottom of this post.

## What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of Palo Alto PAN-OS and to notify these parties.

{% include timeline.html %}

## More information

* {% cve CVE-2024-0012 %}
* {% cve CVE-2024-9474 %}
* [Palo Alto Security Bullitin for CVE-2024-0012](https://security.paloaltonetworks.com/CVE-2024-0012)
* [Palo Alto Security Bulletin for CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474)
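Review bot: two spelling errors in the new case file should be fixed before it is published, since the `title` field is rendered as the page heading: `title: "Multiple critical vulnerablilties in ..."` should read `vulnerabilities`, and the link text `[Palo Alto Security Bullitin for CVE-2024-0012]` should read `Bulletin`, matching the CVE-2024-9474 link on the next line. Also, `workaround: "none"` sits awkwardly next to the excerpt's own precondition that the attacker needs "network access to the management interface"; if the linked Palo Alto bulletin confirms that limiting management-interface exposure reduces the risk, consider recording that as the workaround rather than "none". Minor: the `excerpt` string and the Summary sentence both end without a full stop after `{% cve CVE-2024-9474 %}`.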
