Cyber Resilience

CVE-2024-0012

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 18 November 2024
Modified: 04 November 2025
KEV Added: 18 November 2024
Patch
CVSS Score (v4): 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red)
EPSS Score: 0.9428 (99.9th percentile)
Risk Priority: 95 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-0012 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Palo Alto Networks PAN-OS. Its CVSS v4.0 base score is 9.3 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2024-0012 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS software that affects the management web interface. It impacts PAN-OS versions 10.2, 11.0, 11.1, and 11.2, while Cloud NGFW and Prisma Access are not affected. The flaw is categorized under CWE-306 and carries a CVSS 4.0 score of 9.3.

An unauthenticated attacker with network access to the management interface can exploit the issue to obtain full PAN-OS administrator privileges. This enables arbitrary administrative actions, configuration tampering, and chaining to other authenticated privilege-escalation flaws such as CVE-2024-9474.

Vendor guidance states that the risk is substantially reduced by restricting management interface access to trusted internal IP addresses in accordance with Palo Alto Networks best-practice deployment recommendations. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, and its EPSS score has reached a peak of 0.9719 with a current value of 0.9428.


Vulnerability details

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CWE(s): CWE-306 (Missing Authentication for Critical Function)
KEV Date Added: 18 November 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: paloaltonetworks
Product: pan-os
Versions: 10.2.0, 10.2.1, 10.2.10, 10.2.11, 10.2.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: Restricts network access to the PAN-OS management interface to only trusted internal IP addresses, directly implementing the vendor-recommended mitigation for this authentication bypass.

prevent: Requires explicit authorization and control of remote connections to the management web interface, blocking unauthenticated external access that enables the CVE-2024-0012 exploit.

prevent: Enforces authentication and access rules before any administrative function can be invoked on the management interface, addressing the missing-authentication root cause.
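The mitigation repeated in the summary, the vulnerability details and the controls above is the same one: the management web interface must be reachable only from trusted internal IP addresses. The following Python script is an added example, written for this page and not Palo Alto Networks' own tooling, that audits the management allow list in a PAN-OS configuration export against that guidance. It assumes the `set deviceconfig system permitted-ip <cidr>` line format of a "set"-format export, assumes that an empty permitted-ip list leaves the interface reachable from any source, treats the RFC 1918 ranges and fc00::/7 as "internal", and applies an assumed local policy that no single entry may be wider than a /16 (IPv4) or /48 (IPv6). The configuration lines in `SAMPLE_CONFIG` are constructed for the illustration.

```python
"""Audit the PAN-OS management-interface allow list (permitted-ip) against the
CVE-2024-0012 vendor guidance: management access only from trusted internal IPs.

Added example, not vendor code. Assumptions (not taken from the advisory):
  * config lines look like `set deviceconfig system permitted-ip <ip-or-cidr>`
  * an empty permitted-ip list means "reachable from any address"
  * "internal" means RFC 1918 (IPv4) or fc00::/7 (IPv6)
  * local policy caps entry width at /16 (IPv4) and /48 (IPv6)
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Matches the assumed 'set'-format line that adds one management allow-list entry.
PERMITTED_IP_RE = re.compile(
    r"^\s*set\s+deviceconfig\s+system\s+permitted-ip\s+(\S+)", re.IGNORECASE
)

# Ranges we are willing to call "trusted internal" (assumption, see module docstring).
INTERNAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]

# Assumed local policy: widest acceptable prefix for one allow-list entry.
MAX_WIDTH = {4: 16, 6: 48}

# Constructed sample export; the public range and allow-all entry are there to be caught.
SAMPLE_CONFIG = """\
set deviceconfig system hostname fw-edge-01
set deviceconfig system permitted-ip 10.20.30.0/24
set deviceconfig system permitted-ip 192.168.100.5
set deviceconfig system permitted-ip 203.0.113.0/24
set deviceconfig system permitted-ip 0.0.0.0/0
set deviceconfig system permitted-ip 10.0.0.0/8
"""


@dataclass
class Finding:
    severity: str  # "high" (interface exposed beyond trusted sources) or "medium" (review)
    entry: str
    reason: str


def parse_permitted_ips(config_text: str) -> list[str]:
    """Return the permitted-ip entries found in a 'set'-format configuration export."""
    return [
        m.group(1) for line in config_text.splitlines() if (m := PERMITTED_IP_RE.match(line))
    ]


def is_internal(net: ipaddress.IPv4Network | ipaddress.IPv6Network) -> bool:
    """True if the whole entry lies inside one of the assumed trusted internal ranges."""
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL_RANGES)


def audit_permitted_ips(entries: list[str]) -> list[Finding]:
    """Evaluate each allow-list entry; an empty list is itself the worst finding."""
    findings: list[Finding] = []
    if not entries:
        findings.append(Finding("high", "<none>",
                                "no permitted-ip entries: management interface reachable from any source"))
        return findings
    for entry in entries:
        try:
            # strict=False lets a bare host address through as a /32 or /128.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(Finding("medium", entry, "unparseable entry; review manually"))
            continue
        if net.prefixlen == 0:
            findings.append(Finding("high", entry, "allow-all entry defeats the restriction"))
        elif not is_internal(net):
            findings.append(Finding("high", entry, "not inside a trusted internal range"))
        elif net.prefixlen < MAX_WIDTH[net.version]:
            findings.append(Finding("medium", entry,
                                    f"/{net.prefixlen} is wider than the assumed /{MAX_WIDTH[net.version]} limit"))
    return findings


if __name__ == "__main__":
    for f in audit_permitted_ips(parse_permitted_ips(SAMPLE_CONFIG)):
        print(f"[{f.severity.upper():6}] {f.entry:18} {f.reason}")
```

Run against the constructed sample it reports the public /24 and the 0.0.0.0/0 entry as high and the 10.0.0.0/8 entry as medium, while the /24 and the single host inside RFC 1918 space pass. The check is deliberately independent of Python's `is_private`, whose notion of "private" includes documentation and benchmarking ranges that a trusted-source policy should not admit.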
