← Voltar para CVEs

CVE-2024-9474

HIGHCISA KEV

7.2

Descricao

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Detalhes CVE

Pontuacao CVSS v3.17.2

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioNONE

Publicado11/18/2024

Ultima modificacao11/4/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorPalo Alto Networks

ProdutoPAN-OS

Nome da vulnerabilidadePalo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Data inclusao KEV2024-11-18

Prazo de remediacao2024-12-09

Uso em ransomwareKnown

Produtos afetados

paloaltonetworks:pan-os

Fraquezas (CWE)

CWE-78CWE-78

Referencias

https://security.paloaltonetworks.com/CVE-2024-9474(psirt@paloaltonetworks.com)

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/k4nfr3/CVE-2024-9474(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.