CVE-2024-9474
Published: 18 November 2024
Summary
CVE-2024-9474 is a medium-severity OS Command Injection (CWE-78) vulnerability in Palo Alto Networks PAN-OS. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software that permits an authenticated administrator with access to the management web interface to execute actions on the firewall with root privileges. The issue stems from improper handling of commands, tracked under CWE-78, and affects PAN-OS installations while leaving Cloud NGFW and Prisma Access unaffected. The vulnerability carries a CVSS 4.0 score of 6.9, reflecting network attack vector, low attack complexity, and high privileges required.
An attacker who already possesses valid administrative credentials to the management interface can leverage the flaw to escalate to root-level control, enabling arbitrary actions on the affected firewall without further authentication barriers.
Palo Alto Networks has published an advisory detailing the issue along with associated patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation. Public references include technical analyses from Unit 42 and watchTowr Labs as well as a proof-of-concept repository on GitHub.
The EPSS score currently stands at 0.9417 with a recorded peak of 0.9752, reflecting sustained high exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50354
Vulnerability details
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
- CWE(s)
- KEV Date Added: 18 November 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly counters the root-privilege escalation path by restricting authenticated management-interface administrators to only the privileges required for their role.
Enforces the intended access-control policy on the PAN-OS management web interface so that an administrator cannot bypass normal privilege boundaries to obtain root.
Requires timely installation of the vendor patches that close the CWE-78 flaw before an attacker with admin credentials can exploit it.