CVE-2024-0012
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-0012 is a newly disclosed authentication bypass vulnerability in Palo Alto Networks PAN-OS software that allows unauthenticated attackers with network access to the management web interface to assume PAN-OS administrator privileges. This can enable them to perform administrative actions, tamper with the configuration, or exploit other privilege escalation vulnerabilities such as CVE-2024-9474. The risk of this issue is significantly decreased if access to the management web interface is restricted to trusted internal IP addresses, as per Palo Alto Networks' best practices. The vulnerability affects PAN-OS 10.2, 11.0, 11.1, and 11.2 software, but Cloud NGFW and Prisma Access are not impacted.