CVE-2024-0012 and CVE-2024-9474 expose critical risks in PAN-OS management web interface. Immediate action is required to secure your systems.
Palo Alto Networks has disclosed two critical vulnerabilities affecting its PAN-OS platform. These vulnerabilities, identified as CVE-2024-0012 and CVE-2024-9474, pose significant security risks with a CVSS score of 9.3. Organizations using affected versions of PAN-OS should act immediately to mitigate potential threats.
Key Vulnerabilities
CVE-2024-0012: Authentication Bypass
Allows unauthenticated attackers with network access to the management web interface to gain administrative privileges.
Impact: Configuration tampering and exploitation of other vulnerabilities (e.g., CVE-2024-9474).
CVE-2024-9474: Privilege Escalation
Enables a PAN-OS administrator to perform root-level actions on the firewall via the management web interface.
Note: Cloud NGFW and Prisma Access are not impacted by these vulnerabilities.
Affected Versions and Fixed Versions
Vulnerable Versions:
PAN-OS < 11.2.4-h1
PAN-OS < 11.1.5-h1
PAN-OS < 11.0.6-h1
PAN-OS < 10.2.12-h2
PAN-OS < 10.1.14-h6
Fixed Versions:
PAN-OS 11.2.4-h1 and later
PAN-OS 11.1.5-h1 and later
PAN-OS 11.0.6-h1 and later
PAN-OS 10.2.12-h2 and later
PAN-OS 10.1.14-h6 and later
Recommendations and Workarounds
Upgrade Immediately: Update to the latest fixed version of PAN-OS as listed above.
Workarounds (if unable to update):
Restrict Management Interface access to trusted internal IPs.
Use Threat Prevention to block attacks using Threat IDs (95746, 95747, 95752, 95753, 95759, 95763) in Applications and Threats content version 8915-9075 or later.
Route management traffic through a DP port and replace certificates for inbound traffic.
Decrypt and inspect inbound management traffic with threat prevention enabled.
Follow Palo Alto’s Best Practices:
Refer to Palo Alto’s guides for securing administrative access:
For more information, visit: