← Volver a CVEs

CVE-2024-9474

HIGHCISA KEV

7.2

Descripcion

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Detalles CVE

Puntuacion CVSS v3.17.2

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioNONE

Publicado11/18/2024

Ultima modificacion11/4/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorPalo Alto Networks

ProductoPAN-OS

Nombre vulnerabilidadPalo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Fecha inclusion KEV2024-11-18

Fecha limite remediacion2024-12-09

Uso en ransomwareKnown

Productos afectados

paloaltonetworks:pan-os

Debilidades (CWE)

CWE-78CWE-78

Referencias

https://security.paloaltonetworks.com/CVE-2024-9474(psirt@paloaltonetworks.com)

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/k4nfr3/CVE-2024-9474(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.