From e7d0c0c9be08ee56cbcfe6d28e06677e74c2edbe Mon Sep 17 00:00:00 2001 From: Alwin Warringa Date: Wed, 20 Nov 2024 21:23:14 +0100 Subject: [PATCH 1/2] Create DIVD-2024-00047.md First version of casefile --- _cases/2024/DIVD-2024-00047.md | 54 ++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 _cases/2024/DIVD-2024-00047.md diff --git a/_cases/2024/DIVD-2024-00047.md b/_cases/2024/DIVD-2024-00047.md new file mode 100644 index 00000000..670947a0 --- /dev/null +++ b/_cases/2024/DIVD-2024-00047.md 
@@ -0,0 +1,54 @@ +--- +layout: case +title: "Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices" +author: Alwin Warringa +lead: Alwin Warringa +excerpt: "An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474" +researchers: +- Alwin Warringa +cves: +- CVE-2024-0012 +- CVE-2024-9474 +product: +- Palo Alto PAN-OS devices +versions: + - PAN-OS 11.2 before 11.2.4-h1 +- PAN-OS 11.1 before 11.1.5-h1 +- PAN-OS 11.0 before 11.0.6-h1 +- PAN-OS 10.2 before 10.2.12-h2 +recommendation: "Patch your version to a non-vulnerable version" +workaround: "none" +patch_status: Patch available +status : Open +start: 2024-11-11 +timeline: +- start: 2024-11-11 + end: + event: "DIVD starts researching the vulnerability." +- start: 2024-11-20 + end: + event: "DIVD finds fingerprint, preparing to scan." +- start: 2024-11-20 + end: + event: "Case opened and starting first scan." +--- + +## Summary +An authentication bypass in Palo Alto Networks PAN-OS software ({% cve CVE-2024-0012 %}) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like {% cve CVE-2024-9474 %} + +## Recommendations + +To remediate {% cve CVE-2024-0012 %} and {% cve CVE-2024-9474 %}, update to a non-vulnerable version. You can find a link to the Palo Alto bulletin at the bottom of this post. + +## What we are doing + +DIVD is currently working to identify parties that are running a vulnerable version of Palo Alto PAN-OS and to notify these parties. 
+ +{% include timeline.html %} + +## More information + +* {% cve CVE-2024-0012 %} +* {% cve CVE-2024-9474 %} +* [Palo Alto Security Bullitin for CVE-2024-0012](https://security.paloaltonetworks.com/CVE-2024-0012) +* [Palo Alto Security Bulletin for CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474) From 4ba8c11de5c442041de3390ea66ee6464aece437 Mon Sep 17 00:00:00 2001 From: Alwin Warringa Date: Wed, 20 Nov 2024 21:26:32 +0100 Subject: [PATCH 2/2] Update DIVD-2024-00047.md fix typo --- _cases/2024/DIVD-2024-00047.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_cases/2024/DIVD-2024-00047.md b/_cases/2024/DIVD-2024-00047.md index 670947a0..65beeac0 100644 --- a/_cases/2024/DIVD-2024-00047.md +++ b/_cases/2024/DIVD-2024-00047.md @@ -12,14 +12,14 @@ cves: product: - Palo Alto PAN-OS devices versions: - - PAN-OS 11.2 before 11.2.4-h1 +- PAN-OS 11.2 before 11.2.4-h1 - PAN-OS 11.1 before 11.1.5-h1 - PAN-OS 11.0 before 11.0.6-h1 - PAN-OS 10.2 before 10.2.12-h2 recommendation: "Patch your version to a non-vulnerable version" workaround: "none" patch_status: Patch available -status : Open +status: Open start: 2024-11-11 timeline: - start: 2024-11-11
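Review bot: In patch 1/2, the front matter sets `workaround: "none"`, while the excerpt and Summary both say the bypass requires "network access to the management interface". A reader who cannot patch immediately gets no interim guidance from the case page. Please check the vendor bulletin linked under "More information" and, if it describes limiting access to the management interface as a mitigation, reflect that in `workaround` and in the Recommendations section. Otherwise, state explicitly that patching is the only option. Minor: the Summary sentence ends at `{% cve CVE-2024-9474 %}` without a closing period.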
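Review bot: In patch 2/2, the subject "fix typo" does not match the hunk, which only normalizes YAML formatting: the leading space on the first `versions:` list item and the space in `status : Open`. The spelling errors added in 1/2 are still in the file: `vulnerablilties` in `title:` and `Bullitin` in the first vendor link text. Suggest fixing those here as well and renaming the commit to describe the front-matter cleanup, or squashing 2/2 into 1/2, since the file is created in the same series.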