CVE-2024-9474
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
Basic Information
- CVE State: PUBLISHED
- Reserved Date: October 03, 2024
- Published Date: November 18, 2024
- Last Updated: November 29, 2024
- Vendor: Palo Alto Networks
- Product: Cloud NGFW, PAN-OS, Prisma Access
- Description: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
- Tags
- Exploitation: active
- Technical Impact: total
CVSS Scores
CVSS v4.0
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
SSVC Information
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-11-18 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_management_unauth_rce.rb | 2025-04-29 11:01:14 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9474.yaml | 2025-04-26 00:00:00 UTC |
Nessus | https://www.tenable.com/plugins/nessus/211513 | 2024-11-18 20:22:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
panos_management_unauth_rce
Type: metasploit • Created: Unknown
coskper-papa/PAN-OS_CVE-2024-9474
Type: github • Created: 2024-12-11 03:10:41 UTC • Stars: 2
k4nfr3/CVE-2024-9474
Type: github • Created: 2024-11-19 22:03:13 UTC • Stars: 8
Chocapikk/CVE-2024-9474
Type: github • Created: 2024-11-19 17:26:27 UTC • Stars: 45
Timeline
- CVE ID Reserved
- Added to KEVIntel
- CVE Published to Public
- Detected by Nessus
- Proof of Concept Exploit Available
- Detected by Nuclei
- Detected by Metasploit