-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #873 from DIVD-NL/sT0wn-nl-patch-1
Create DIVD-2024-00047.md
- Loading branch information
Showing
1 changed file
with
54 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
layout: case | ||
title: "Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices" | ||
author: Alwin Warringa | ||
lead: Alwin Warringa | ||
excerpt: "An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474" | ||
researchers: | ||
- Alwin Warringa | ||
cves: | ||
- CVE-2024-0012 | ||
- CVE-2024-9474 | ||
product: | ||
- Palo Alto PAN-OS devices | ||
versions: | ||
- PAN-OS 11.2 before 11.2.4-h1 | ||
- PAN-OS 11.1 before 11.1.5-h1 | ||
- PAN-OS 11.0 before 11.0.6-h1 | ||
- PAN-OS 10.2 before 10.2.12-h2 | ||
recommendation: "Patch your version to a non-vulnerable version" | ||
workaround: "none" | ||
patch_status: Patch available | ||
status: Open | ||
start: 2024-11-11 | ||
timeline: | ||
- start: 2024-11-11 | ||
end: | ||
event: "DIVD starts researching the vulnerability." | ||
- start: 2024-11-20 | ||
end: | ||
event: "DIVD finds fingerprint, preparing to scan." | ||
- start: 2024-11-20 | ||
end: | ||
event: "Case opened and starting first scan." | ||
--- | ||
|
||
## Summary | ||
An authentication bypass in Palo Alto Networks PAN-OS software ({% cve CVE-2024-0012 %}) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like {% cve CVE-2024-9474 %} | ||
|
||
## Recommendations | ||
|
||
To remediate {% cve CVE-2024-0012 %} and {% cve CVE-2024-9474 %}, update to a non-vulnerable version. You can find a link to the Palo Alto bulletin at the bottom of this post. | ||
|
||
## What we are doing | ||
|
||
DIVD is currently working to identify parties that are running a vulnerable version of Palo Alto PAN-OS and to notify these parties. | ||
|
||
{% include timeline.html %} | ||
|
||
## More information | ||
|
||
* {% cve CVE-2024-0012 %} | ||
* {% cve CVE-2024-9474 %} | ||
* [Palo Alto Security Bullitin for CVE-2024-0012](https://security.paloaltonetworks.com/CVE-2024-0012) | ||
* [Palo Alto Security Bulletin for CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474) |