PAN-OS management interface authentication bypass

Added: 11/20/2024
CVE: CVE-2024-0012

Background

Palo Alto Networks firewalls provide policy-based visibility and control over applications, users and threats.

Problem

An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows remote attackers to execute arbitrary commands.

Resolution

Upgrade to one of the versions listed under the Solution section of Palo Alto Networks Security Advisory CVE-2024-0012.

References

https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

Platforms

PAN-OS
