Back to KEVs

CVE-2024-0012

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

Basic Information

CVE State
PUBLISHED
Reserved Date
November 09, 2023
Published Date
November 18, 2024
Last Updated
November 29, 2024
Vendor
Palo Alto Networks
Product
Cloud NGFW, PAN-OS, Prisma Access
Description
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Tags
cisa edge nuclei_scanner metasploit_scanner

CVSS Scores

CVSS v4.0

9.3 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-05 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2024-11-22 07:52:11 UTC) Source

References

https://security.paloaltonetworks.com/CVE-2024-0012

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-11-18 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_management_unauth_rce.rb 2025-04-29 11:01:14 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-0012.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC

Type: github • Created: 2024-12-11 18:13:32 UTC • Stars: 3

This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script automates the exploitation process, including payload creation, chunked delivery, and seamless command execution.

0xjessie21/CVE-2024-0012

Type: github • Created: 2024-11-30 16:06:02 UTC • Stars: 1

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC

iSee857/CVE-2024-0012-poc

Type: github • Created: 2024-11-22 07:52:11 UTC • Stars: 2

CVE-2024-0012批量检测脚本

Sachinart/CVE-2024-0012-POC

Type: github • Created: 2024-11-19 11:30:25 UTC • Stars: 19

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Detected by Metasploit