CVE-2024-0012
Published: 18 November 2024
Summary
CVE-2024-0012 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Palo Alto Networks PAN-OS. Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2024-0012 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS software that affects the management web interface. It impacts PAN-OS versions 10.2, 11.0, 11.1, and 11.2, while Cloud NGFW and Prisma Access are not affected. The flaw is categorized under CWE-306 and carries a CVSS 4.0 score of 9.3.
An unauthenticated attacker with network access to the management interface can exploit the issue to obtain full PAN-OS administrator privileges. This enables arbitrary administrative actions, configuration tampering, and chaining to other authenticated privilege-escalation flaws such as CVE-2024-9474.
Vendor guidance states that the risk is substantially reduced by restricting management interface access to trusted internal IP addresses in accordance with Palo Alto Networks best-practice deployment recommendations. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, and its EPSS score has reached a peak of 0.9719 with a current value of 0.9428.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-15815
Vulnerability details
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
- KEV Date Added: 18 November 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SC-7 (Boundary Protection): Restricts network access to the PAN-OS management interface to only trusted internal IP addresses, directly implementing the vendor-recommended mitigation for this authentication bypass.
- AC-17 (Remote Access): Requires explicit authorization and control of remote connections to the management web interface, blocking the unauthenticated external access that enables exploitation of CVE-2024-0012.
- Enforces authentication and access rules before any administrative function can be invoked on the management interface, addressing the missing-authentication root cause.