VDB
CISA-2024-9474
CISA-2024-9474
PUBLISHED
CVSS 6.9 MEDIUM
Reported by palo_alto · Published November 18, 2024
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Risk Scores
CVSS 4.0
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | Cloud NGFW | All |
| Palo Alto Networks | PAN-OS | 11.2.0, 11.1.0, 11.0.0 |
| Palo Alto Networks | Prisma Access | All |
| Palo Alto Networks | Prisma Access | All, All |
| paloaltonetworks | pan-os | 10.2.0, 10.1.0, 11.2.0 |
| Palo Alto Networks | Cloud NGFW | All, All |
| Palo Alto Networks | PAN-OS | 11.2.0, 11.1.0, 11.0.0 |
Timeline
- Nov 18, 2024 CVE Published
- Oct 21, 2025 CVE Updated
References
- vendor-advisory
- https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ url
- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ url
- https://github.com/k4nfr3/CVE-2024-9474 exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474 url