← voltar
CVE-2024-0012

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

CVSS 9.3 CRITICALEPSS 99.7%● KEVCWE-306
Em resumo

Um atacante sem senha consegue contornar a autenticação em firewalls Palo Alto Networks e obter acesso total de administrador. Isso permite alterar configurações do firewall, roubar dados ou executar outros ataques.

Detalhe técnico

Falha de autenticação na interface web de gerenciamento do PAN-OS (CWE-306) que permite a atacantes não autenticados com acesso à rede obter privilégios de administrador sem credenciais, possibilitando alteração de configurações e encadeamento com CVE-2024-9474. Afeta PAN-OS 10.2, 11.0, 11.1 e 11.2; risco reduzido com restrição de acesso à interface a IPs internos confiáveis.

Resumo gerado e traduzido por IA a partir da descrição oficial.
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
Produtos afetados
Palo Alto Networks · Cloud NGFWPalo Alto Networks · PAN-OSPalo Alto Networks · Prisma Access
PoCs públicas encontradas10
githubgithub.com/watchtowrlabs/palo-alto-panos-cve-2024-001224githubgithub.com/Sachinart/CVE-2024-0012-POC20githubgithub.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC8githubgithub.com/Regent8SH/PanOsExploitMultitool5githubgithub.com/dcollaoa/cve-2024-0012-gui-poc4githubgithub.com/0xjessie21/CVE-2024-00123githubgithub.com/iSee857/CVE-2024-0012-poc2githubgithub.com/greaselovely/CVE-2024-00121githubgithub.com/Gr-1m/cve-2024-0012-poc0githubgithub.com/punitdarji/Paloalto-CVE-2024-00120
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/https://security.paloaltonetworks.com/CVE-2024-0012https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012