diff --git a/_cases/2024/DIVD-2024-00047.md b/_cases/2024/DIVD-2024-00047.md new file mode 100644 index 00000000..65beeac0 --- /dev/null +++ b/_cases/2024/DIVD-2024-00047.md @@ -0,0 +1,54 @@ +--- +layout: case +title: "Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices" +author: Alwin Warringa +lead: Alwin Warringa +excerpt: "An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474" +researchers: +- Alwin Warringa +cves: +- CVE-2024-0012 +- CVE-2024-9474 +product: +- Palo Alto PAN-OS devices +versions: +- PAN-OS 11.2 before 11.2.4-h1 +- PAN-OS 11.1 before 11.1.5-h1 +- PAN-OS 11.0 before 11.0.6-h1 +- PAN-OS 10.2 before 10.2.12-h2 +recommendation: "Patch your version to a non-vulnerable version" +workaround: "none" +patch_status: Patch available +status: Open +start: 2024-11-11 +timeline: +- start: 2024-11-11 + end: + event: "DIVD starts researching the vulnerability." +- start: 2024-11-20 + end: + event: "DIVD finds fingerprint, preparing to scan." +- start: 2024-11-20 + end: + event: "Case opened and starting first scan." +--- + +## Summary +An authentication bypass in Palo Alto Networks PAN-OS software ({% cve CVE-2024-0012 %}) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like {% cve CVE-2024-9474 %} + +## Recommendations + +To remediate {% cve CVE-2024-0012 %} and {% cve CVE-2024-9474 %}, update to a non-vulnerable version. You can find a link to the Palo Alto bulletin at the bottom of this post. + +## What we are doing + +DIVD is currently working to identify parties that are running a vulnerable version of Palo Alto PAN-OS and to notify these parties. + +{% include timeline.html %} + +## More information + +* {% cve CVE-2024-0012 %} +* {% cve CVE-2024-9474 %} +* [Palo Alto Security Bullitin for CVE-2024-0012](https://security.paloaltonetworks.com/CVE-2024-0012) +* [Palo Alto Security Bulletin for CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474)