CVE-2024-9474
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
Basic Information
- CVE State: PUBLISHED
- Reserved Date: October 03, 2024
- Published Date: November 18, 2024
- Last Updated: November 29, 2024
- Vendor: Palo Alto Networks
- Product: Cloud NGFW, PAN-OS, Prisma Access
- Description: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
CVSS Scores
CVSS v4.0
6.9 - MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
SSVC Information
- Exploitation: active
- Technical Impact: total
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-11-18 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_management_unauth_rce.rb | 2025-04-29 11:01:14 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9474.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
panos_management_unauth_rce
Type: metasploit • Created: Unknown
Metasploit module for CVE-2024-9474
coskper-papa/PAN-OS_CVE-2024-9474
Type: github • Created: 2024-12-11 03:10:41 UTC • Stars: 2
Palo Alto Networks PAN-OS(CVE-2024-9474) POC
k4nfr3/CVE-2024-9474
Type: github • Created: 2024-11-19 22:03:13 UTC • Stars: 8
Chocapikk/CVE-2024-9474
Type: github • Created: 2024-11-19 17:26:27 UTC • Stars: 45
PAN-OS auth bypass + RCE