Cyber Resilience

CVE-2024-9474

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked · RCE

Published: 18 November 2024

Modified: 04 November 2025
KEV Added: 18 November 2024
Patch
CVSS Score v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red)
EPSS Score: 0.9417 (99.9th percentile)
Risk Priority: 90 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9474 is a medium-severity OS Command Injection (CWE-78) vulnerability in Palo Alto Networks PAN-OS. Its CVSS base score is 6.9 (Medium).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software that permits an authenticated administrator with access to the management web interface to execute actions on the firewall with root privileges. The issue stems from improper handling of commands, tracked under CWE-78, and affects PAN-OS installations while leaving Cloud NGFW and Prisma Access unaffected. The vulnerability carries a CVSS 4.0 score of 6.9, reflecting network attack vector, low attack complexity, and high privileges required.

An attacker who already possesses valid administrative credentials to the management interface can leverage the flaw to escalate to root-level control, enabling arbitrary actions on the affected firewall without further authentication barriers.

Palo Alto Networks has published an advisory detailing the issue along with associated patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation. Public references include technical analyses from Unit 42 and WatchTowr Labs as well as a proof-of-concept repository on GitHub.

The EPSS score currently stands at 0.9417 with a recorded peak of 0.9752, reflecting sustained high exploitation interest following disclosure.

Vulnerability details

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

CWE(s): CWE-78
KEV Date Added: 18 November 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

paloaltonetworks
pan-os
10.1.14, 10.2.12, 11.0.6, 11.1.5, 11.2.4 · 10.1.0 — 10.1.14 · 10.2.0 — 10.2.12 · 11.0.0 — 11.0.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters the root-privilege escalation path by restricting authenticated management-interface administrators to only the privileges required for their role.

prevent

Enforces the intended access-control policy on the PAN-OS management web interface so that an administrator cannot bypass normal privilege boundaries to obtain root.

prevent

Requires timely installation of the vendor patches that close the CWE-78 flaw before an attacker with admin credentials can exploit it.

References