November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Two critical vulnerabilities in Palo Alto Networks PAN-OS, CVE-2024-0012 and CVE-2024-9474, have been disclosed. CVE-2024-0012 is an authentication bypass allowing unauthenticated remote attackers to gain admin privileges, while CVE-2024-9474 is an authenticated privilege escalation bug. These can be chained for full system compromise. Active exploitation has been observed for CVE-2024-0012. Affected versions include PAN-OS 10.2, 11.0, 11.1, and 11.2. Patches are available, and organizations are urged to update immediately. Censys identified 13,324 publicly exposed NGFW management interfaces, with 34% in the US. Limiting public exposure and upgrading to PAN-OS 10.2 or later is recommended.
OPENCTI LABELS :
vpn,rce,authentication bypass,privilege escalation,pan-os,cve-2024-9474,critical vulnerability,cve-2024-0012
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]