Back to KEVs

CVE-2024-0012

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

Basic Information

CVE State: PUBLISHED
Reserved Date: November 09, 2023
Published Date: November 18, 2024
Last Updated: November 29, 2024
Vendor: Palo Alto Networks
Product: Cloud NGFW, PAN-OS, Prisma Access
Description: An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CVSS Scores

CVSS v4.0

9.3 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-11-18 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2024-11-22 07:52:11 UTC) Source

References

https://security.paloaltonetworks.com/CVE-2024-0012

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-11-18 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_management_unauth_rce.rb	2025-04-29 11:01:14 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-0012.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC

Type: github • Created: 2024-12-11 18:13:32 UTC • Stars: 3

This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script automates the exploitation process, including payload creation, chunked delivery, and seamless command execution.

0xjessie21/CVE-2024-0012

Type: github • Created: 2024-11-30 16:06:02 UTC • Stars: 1

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC

iSee857/CVE-2024-0012-poc

Type: github • Created: 2024-11-22 07:52:11 UTC • Stars: 2

CVE-2024-0012批量检测脚本

Sachinart/CVE-2024-0012-POC

Type: github • Created: 2024-11-19 11:30:25 UTC • Stars: 19

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC