CVE-2024-0012
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability - [Actively Exploited]
Description
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
INFO
Published Date :
Nov. 18, 2024, 4:15 p.m.
Last Modified :
Dec. 20, 2024, 3:47 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Public PoC/Exploit Available at Github
CVE-2024-0012 has a 28 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-0012.
| URL | Resource |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-0012 | Vendor Advisory |
| https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ | Vendor Advisory |
| https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ | Exploit Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-0012 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-0012
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Professional-grade PAN-OS vulnerability assessment and upgrade planning tool
panw cve cve-scanning paloaltonetworks pan-os upgrade
Python
None
Python Mako Dockerfile
Exploitation and Post-Exploitation Multitool for Palo Alto PAN-OS Systems affected by vulnerabilities CVE-2024-0012 and CVE-2024-9474
Python
Red Team Initial Access Guide: Recon, exploitation, C2 setup, lateral movement, persistence, evasion techniques, and real-world case studies including network breaches and ransomware operations.
guide initial-access red-team ethical-hacking pentesting hacking
None
HTML Python Shell
Python script for CVE-2024-0012 / CVE-2024-9474 exploit
Python
Palo Alto RCE Vuln
Go
A collection of Vulnerability Research and Reverse Engineering writeups.
Python 脚本,用于解析 Palo Alto Networks 安全公告,提取 CVE 信息,包括 CVE 编号、发布 URL、公告标题、CVSS 评分和严重性等级。
Python
This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script automates the exploitation process, including payload creation, chunked delivery, and seamless command execution.
Python
自动搜集每天的漏洞poc和exp信息。
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC
cve exploit paloaltonetworks cve-2024-0012
Python
🔥 List of security research and articles!
A curated collection of CVE exploitation proof-of-concept (POC) codes and resources. This repository is designed for security researchers, ethical hackers, and enthusiasts to study and understand various CVE vulnerabilities and their exploitation methods. Always ensure responsible usage for educational and ethical purposes only.
None
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-0012 vulnerability anywhere in the article.
-
The Hacker News
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Jul 17, 2025Ravie LakshmananCryptocurrency / Vulnerability Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryp ... Read more
-
Cyber Security News
Palo Alto Warns of Hackers Combining Vulnerabilities to Compromise Firewalls
Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generatio ... Read more
-
security.nl
Onderzoekers vinden Grub2- en UEFI-lekken in firewalls Palo Alto Networks
Onderzoekers hebben in firewalls van Palo Alto Networks meerdere kwetsbaarheden aangetroffen die al jaren oud en bekend zijn. Het gaat onder andere om een beveiligingslek in de Grub2-bootloader uit 20 ... Read more
-
Help Net Security
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulne ... Read more
-
Cybersecurity News
CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices
Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls.The backdoor was uncovered during a forensic investigation into a compromis ... Read more
-
TheCyberThrone
Most Exploited Vulnerabilities in 2024 Top 20 Analysis
In 2024, the cybersecurity landscape saw a significant number of exploited vulnerabilities, highlighting the ongoing challenges organizations face in protecting their systems and data.Some key trends ... Read more
-
Cybersecurity News
CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ... Read more
-
Cybersecurity News
PoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623)
Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo ... Read more
-
Cybersecurity News
CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution
A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as C ... Read more
-
Darktrace
Darktrace’s view on Operation Lunar Peek: Exploitation of Palo Alto firewall devices (CVE 2024-2012 and 2024-9474)
Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE 2024-2012 and 2024-9474). Learn about the spike in post-exploitation activi ... Read more
-
Cybersecurity News
Multiple Vulnerabilities in SonicWall SMA 100 Could Lead to Remote Code Execution
SonicWall has issued a security advisory regarding several vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from Apache HTTP Server ... Read more
-
TheCyberThrone
The CyberThrone Most Exploited Vulnerabilities Top 10 – November 2024
Welcome to TheCyberThrone most exploited vulnerabilities review. This review is for the month of November 2024CVE-2024-9463: Palo Alto OS Command InjectionCVSS 3.1 Score : 9.9 CISA KEV: YesThis vuln ... Read more
-
Help Net Security
Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 ... Read more
-
TheCyberThrone
PaloAlto devices are under massive exploitation
Researchers from Shadowserver have revealed that approximately 2,000 Palo Alto Networks firewalls have been compromised leavaraging recently discovered zeroday bugs. namely CVE-2024-0012 and CVE-2024 ... Read more
-
The Register
1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control th ... Read more
-
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked
The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012 & CVE-2024-9474, enabling admin bypass and root access. Top ... Read more
-
security.nl
'Tweeduizend firewalls Palo Alto Networks geïnfecteerd met malware'
Meer dan tweeduizend firewalls van Palo Alto Networks zijn via twee recente kwetsbaarheden geïnfecteerd met malware, zo stelt The Shadowserver Foundation op basis van eigen onderzoek. In Nederland gaa ... Read more
-
Help Net Security
Cybercriminals turn to pen testers to test ransomware efficiency
Threat actors are recruiting pen testers to test and improve the reliability of their ransomware for affiliate programs, according to Cato Networks. Any good developer knows that software needs to be ... Read more
-
BleepingComputer
Over 2,000 Palo Alto firewalls hacked using recently patched bugs
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. The two security flaws are an authentication bypass (CVE ... Read more
-
The Hacker News
Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Vulnerability / Cyber Attack As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under ac ... Read more
The following table lists the changes that have been made to the
CVE-2024-0012 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Dec. 20, 2024
Action Type Old Value New Value Changed Reference Type https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ No Types Assigned https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ Exploit, Third Party Advisory Changed Reference Type https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ No Types Assigned https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 29, 2024
Action Type Old Value New Value Added Reference https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 24, 2024
Action Type Old Value New Value Added Reference https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ -
Initial Analysis by [email protected]
Nov. 19, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://security.paloaltonetworks.com/CVE-2024-0012 No Types Assigned https://security.paloaltonetworks.com/CVE-2024-0012 Vendor Advisory Added CWE NIST CWE-306 Added CPE Configuration OR *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 10.2.0 up to (excluding) 10.2.12 *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.6 *cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.1.0 up to (excluding) 11.1.5 *cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.2.0 up to (excluding) 11.2.4 *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:* -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Nov. 19, 2024
Action Type Old Value New Value Added Date Added 2024-11-18 Added Vulnerability Name Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability Added Due Date 2024-12-09 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet. -
CVE Received by [email protected]
Nov. 18, 2024
Action Type Old Value New Value Added Description An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. Added Reference Palo Alto Networks, Inc. https://security.paloaltonetworks.com/CVE-2024-0012 [No types assigned] Added CWE Palo Alto Networks, Inc. CWE-306 Added CVSS V4.0 Palo Alto Networks, Inc. CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red