CVE-2024-9474
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability - [Actively Exploited]
Description
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
INFO
Published Date: Nov. 18, 2024, 4:15 p.m.
Last Modified: Dec. 20, 2024, 4:49 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
Affected Products
The following products are affected by the CVE-2024-9474 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
 | CVSS 3.1 | HIGH | | | | [email protected] |
 | CVSS 4.0 | MEDIUM | | | | [email protected] |
Public PoC/Exploit Available on GitHub
CVE-2024-9474 has 35 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-9474.
URL | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2024-9474 | Vendor Advisory |
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ | Press/Media Coverage Vendor Advisory |
https://github.com/k4nfr3/CVE-2024-9474 | Exploit |
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ | Exploit Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-9474 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-9474 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by the most recently updated).
Backup vulnerability repository; we will maintain it starting in March
None
None
Exploitation and Post-Exploitation Multitool for Palo Alto PAN-OS Systems affected by vulnerabilities CVE-2024-0012 and CVE-2024-9474
Python
Red Team Initial Access Guide: Recon, exploitation, C2 setup, lateral movement, persistence, evasion techniques, and real-world case studies including network breaches and ransomware operations.
guide initial-access red-team ethical-hacking pentesting hacking
None
HTML
wy876
Python
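wy876 POC | The wy876 PoC repository has been deleted; this project is a mirror of that repository
Backup vulnerability repository; we will maintain it starting in March
2023 HW vulnerability compilation: collects and organizes vulnerability EXP/POC, most of them sourced from the internet; more than 300 PoC/EXP collected so far, updated over the long term.
Vulnerability library wiki.wy876.cn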
HTML
None
HTML Python Shell
Python script for CVE-2024-0012 / CVE-2024-9474 exploit
Python
Palo Alto RCE Vuln
Go
A collection of Vulnerability Research and Reverse Engineering writeups.
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news items that mention the CVE-2024-9474 vulnerability anywhere in the article.

- The Hacker News
  Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
  Jul 17, 2025, Ravie Lakshmanan, Cryptocurrency / Vulnerability. Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryp ...

- Help Net Security
  Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from
  Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese sta ...

- BleepingComputer
  CISA flags Craft CMS code injection flaw as exploited in attacks
  The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high seve ...

- Cyber Security News
  Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability
  Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenCon ...

- Cybersecurity News
  CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploit ...

- Help Net Security
  PRevent: Open-source tool to detect malicious code in pull requests
  Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), an ...

- Dark Reading
  Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
  Attackers are actively exploiting an authentication bypass flaw found in the Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authenticatio ...

- security.nl
  Palo Alto Networks reports active exploitation of firewall vulnerabilities
  Attackers are actively exploiting three vulnerabilities in Palo Alto Networks firewalls to compromise vulnerable devices, according to the vendor, which speaks of the 'highest urgency' ...

- BleepingComputer
  Palo Alto Networks tags new firewall bug as exploited in attacks
  Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active att ...

- Cyber Security News
  Palo Alto Warns of Hackers Combining Vulnerabilities to Compromise Firewalls
  Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generatio ...

- security.nl
  Researchers find Grub2 and UEFI vulnerabilities in Palo Alto Networks firewalls
  Researchers have found multiple vulnerabilities in Palo Alto Networks firewalls that are years old and already known. They include a security flaw in the Grub2 bootloader from 20 ...

- Help Net Security
  Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
  CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulne ...

- Cybersecurity News
  CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices
  Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. The backdoor was uncovered during a forensic investigation into a compromis ...

- TheCyberThrone
  Most Exploited Vulnerabilities in 2024 Top 20 Analysis
  In 2024, the cybersecurity landscape saw a significant number of exploited vulnerabilities, highlighting the ongoing challenges organizations face in protecting their systems and data. Some key trends ...

- Cybersecurity News
  CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
  A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ...

- Cybersecurity News
  PoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623)
  Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo ...

- Cybersecurity News
  CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution
  A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as C ...

- Darktrace
  Darktrace’s view on Operation Lunar Peek: Exploitation of Palo Alto firewall devices (CVE 2024-2012 and 2024-9474)
  Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE 2024-2012 and 2024-9474). Learn about the spike in post-exploitation activi ...

- Cybersecurity News
  Multiple Vulnerabilities in SonicWall SMA 100 Could Lead to Remote Code Execution
  SonicWall has issued a security advisory regarding several vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from Apache HTTP Server ...

- TheCyberThrone
  The CyberThrone Most Exploited Vulnerabilities Top 10 – November 2024
  Welcome to TheCyberThrone most exploited vulnerabilities review. This review is for the month of November 2024. CVE-2024-9463: Palo Alto OS Command Injection. CVSS 3.1 Score: 9.9. CISA KEV: Yes. This vuln ...

The following table lists the changes that have been made to the CVE-2024-9474 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

- Modified Analysis by [email protected]
Dec. 20, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Changed | Reference Type | https://github.com/k4nfr3/CVE-2024-9474 No Types Assigned | https://github.com/k4nfr3/CVE-2024-9474 Exploit |
Changed | Reference Type | https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ No Types Assigned | https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ Exploit, Third Party Advisory |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 29, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://github.com/k4nfr3/CVE-2024-9474 |
Added | Reference | | https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ |

- Modified Analysis by [email protected]
Nov. 26, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Changed | Reference Type | https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ No Types Assigned | https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ Press/Media Coverage, Vendor Advisory |

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 24, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ |

- Initial Analysis by [email protected]
Nov. 19, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Changed | Reference Type | https://security.paloaltonetworks.com/CVE-2024-9474 No Types Assigned | https://security.paloaltonetworks.com/CVE-2024-9474 Vendor Advisory |
Added | CWE | | NIST CWE-78 |
Added | CPE Configuration | | OR *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (excluding) 10.1.14 *cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 10.2.0 up to (excluding) 10.2.12 *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.6 *cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.1.0 up to (excluding) 11.1.5 *cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.2.0 up to (excluding) 11.2.4 *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:* |

- CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Nov. 19, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Date Added | | 2024-11-18 |
Added | Vulnerability Name | | Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability |
Added | Due Date | | 2024-12-09 |
Added | Required Action | | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet. |

- CVE Received by [email protected]
Nov. 18, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Description | | A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. |
Added | Reference | | Palo Alto Networks, Inc. https://security.paloaltonetworks.com/CVE-2024-9474 [No types assigned] |
Added | CWE | | Palo Alto Networks, Inc. CWE-78 |
Added | CVSS V4.0 | | Palo Alto Networks, Inc. CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red |