Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-0012
CVE-2024-0012:
PAN-OS vulnerability analysis and mitigation
Overview
An authentication bypass vulnerability (CVE-2024-0012) was discovered in Palo Alto Networks PAN-OS software, affecting versions 10.2, 11.0, 11.1, and 11.2. The vulnerability was disclosed on November 18, 2024, and enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. This issue affects PA-Series, VM-Series, and CN-Series firewalls and Panorama devices, while Cloud NGFW and Prisma Access are not impacted (Palo Advisory).
Technical details
The vulnerability stems from an improper implementation of authentication checks in the Nginx configuration, where attackers can bypass authentication by supplying the 'X-PAN-AUTHCHECK: off' header in requests to protected endpoints. The vulnerability has a CVSS v4.0 base score of 9.3 (CRITICAL) and a CVSS v3.1 base score of 9.8, indicating its severe nature. The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function) (Watchtowr Labs).
Impact
Successful exploitation allows attackers to perform administrative actions, tamper with device configurations, and potentially exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474. The impact is particularly severe for devices with management interfaces exposed to untrusted networks or the internet (Palo Advisory).
Mitigation and workarounds
Palo Alto Networks has released fixes in PAN-OS versions 10.2.12-h2, 11.0.6-h1, 11.1.5-h1, and 11.2.4-h1. The primary mitigation recommendation is to restrict management interface access to trusted internal IP addresses only. Additional protection can be achieved by using Threat Prevention subscription with Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 in block mode. For compromised devices, Palo Alto Networks recommends taking the device offline and performing an Enhanced Factory Reset (Palo Advisory).
Community reactions
The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, with a remediation due date of December 9, 2024. CISA recommends either applying vendor mitigations or discontinuing use of the product if mitigations are unavailable (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management