sfewer-r7's assessment of CVE-2024-0012

Description

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .

The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Add Assessment

sfewer-r7 (113)

November 20, 2024 9:34am UTC (21 hours ago)•

Ratings

Attacker Value

Very High

Exploitability

Very High

Vulnerable in default configuration

Technical Analysis

Based upon writing a Metasploit exploit module for this exploit chain, I have rated the exploitability of this as very high, as a target PAN-OS management interface is vulnerable in a default configuration.

ccondon-r7 (282)

November 18, 2024 9:54pm UTC (2 days ago)

Ratings

Attacker Value

Very High

Common in enterprise Unauthenticated

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

paloaltonetworks

Products

pan-os,
pan-os 10.2.12,
pan-os 11.0.6,
pan-os 11.1.5,
pan-os 11.2.4

Exploited in the Wild

Reported by:

cbeek-r7 indicated source as Vendor Advisory (https://security.paloaltonetworks.com/CVE-2024-0012)

Reported: November 18, 2024 3:35pm UTC (2 days ago)

ccondon-r7 indicated source as News Article or Blog (https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/)

Reported: November 18, 2024 9:53pm UTC (2 days ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog)

Reported: November 19, 2024 8:39am UTC (1 day ago)

References

Canonical

CVE-2024-0012 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0012)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2024-0012-POC (https://github.com/Sachinart/CVE-2024-0012-POC) (Added by AKB Worker)

Miscellaneous

https://security.paloaltonetworks.com/CVE-2024-0012

Rapid7

Very High

CVE-2024-0012

Very High

Very High

None

None

Network

CVE-2024-0012

Description