
Advisory 2024-2329 - PaloAlto Networks PAN-OS: Multiple vulnerabilities allow privilege escalation

Notice: This advisory is, by way of exception, published in full. As a customer you regularly receive vulnerability details via your login or through our daily advisory e-mail.
Attack probability: 5 (high)
Potential damage: 5 (high)
Tags: remote anonymous attacker, exploit available
Date: 2024-11-11
Release: 2024-11-22 UPDATE

Operating System

  • Appliance
  • Hardware Appliance

Software

  • PaloAlto Networks PAN-OS
  • UPDATE 2024-11-19
  • PaloAlto Networks PAN-OS < 10.1.14-h6
  • PaloAlto Networks PAN-OS < 10.2.12-h2
  • PaloAlto Networks PAN-OS < 11.0.6-h1
  • PaloAlto Networks PAN-OS < 11.1.5-h1
  • PaloAlto Networks PAN-OS < 11.2.4-h1

Attack

A remote anonymous attacker can exploit multiple vulnerabilities in PaloAlto Networks PAN-OS to bypass authentication on the management interface and then gain root privileges on the firewall.

Description

PAN-OS is the operating system of the security systems / firewalls by Palo Alto Networks.

CVE-2024-0012, CVE-2024-9474

There are multiple vulnerabilities in PaloAlto Networks PAN-OS affecting the management interface. An authentication bypass allows a remote anonymous attacker to gain administrative access to the management web interface. The second vulnerability is a privilege escalation that allows an attacker with administrative access to the management interface to perform actions on the firewall with root privileges. Chained together, the first vulnerability supplies the access the second one requires, so a remote anonymous attacker can take full control of affected systems, especially when the management interface is exposed to untrusted networks.

CVSSv2 Base Score: 10.0 / Temporal Score: 10.0
AV:N/AC:L/AU:N/C:C/I:C/A:C/E:H/RL:U/RC:ND
CVSSv3.1 Base Score: 10.0 / Temporal Score: 10.0
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:X

UPDATE 2024-11-15
Palo Alto Networks reports active exploitation of these vulnerabilities. PoC code to exploit these vulnerabilities is available on the Internet.

Recommendation

As of the original release of this advisory, no update or patch was available to fix these vulnerabilities. Palo Alto Networks recommends securing management access as a preventative measure, in particular restricting access to the management interface to trusted internal IP addresses only.
https://security.paloaltonetworks.com/PAN-SA-2024-0015

UPDATE 2024-11-19

PaloAlto Networks has released updates. Please update your installation and consult the vendor's advisories to find the fixed version suitable for your environment.
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
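To act on the update recommendation, an operator has to decide whether the installed release is below the fixed release of its own train (10.1, 10.2, 11.0, 11.1 or 11.2). The following Python is an added example, not code from this advisory or from Palo Alto Networks: it parses a PAN-OS version string including the "-hN" hotfix suffix (which defeats plain string comparison), compares it against the five fixed releases listed above, and pulls the version out of the text of the PAN-OS CLI command "show system info". The sample "show system info" output is constructed, and the assumption that a later maintenance release on the same train already contains the hotfix is mine, not the vendor's.

```python
"""Assess an installed PAN-OS version against the fixed releases named in this
advisory (CVE-2024-0012 / CVE-2024-9474). Added example, not vendor code."""
import re
from typing import Optional, Tuple

# Fixed releases from the 2024-11-19 update of this advisory, one per release
# train (major.minor). Anything below the fixed release on the same train is
# affected.
FIXED_VERSIONS = ("10.1.14-h6", "10.2.12-h2", "11.0.6-h1", "11.1.5-h1", "11.2.4-h1")

# PAN-OS versions look like 11.1.5 or 11.1.5-h1 (hotfix). The hotfix suffix is
# what makes naive string comparison wrong: "10.1.14" sorts before "10.1.14-h6"
# only by accident, and "10.1.14-h10" sorts lexically below "10.1.14-h6".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

VersionTuple = Tuple[int, int, int, int]


def parse_version(version: str) -> VersionTuple:
    """Parse 'major.minor.maint[-hN]' into a numerically comparable tuple.

    A release without a hotfix suffix is treated as hotfix 0, so that
    10.1.14 < 10.1.14-h6 < 10.1.15.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def fixed_version_for_train(version: str) -> Optional[str]:
    """Return the fixed release on the same major.minor train, or None if the
    advisory lists no fix for that train."""
    major, minor, _, _ = parse_version(version)
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == (major, minor):
            return fixed
    return None


def assess(installed: str) -> str:
    """Classify an installed version as 'affected', 'fixed' or 'train not listed'.

    Assumption (not stated in the advisory): a later maintenance release on the
    same train, e.g. 11.2.5, contains the fix shipped in 11.2.4-h1. Trains the
    advisory does not list get no verdict here; consult the vendor for those.
    """
    fixed = fixed_version_for_train(installed)
    if fixed is None:
        return "train not listed"
    return "fixed" if parse_version(installed) >= parse_version(fixed) else "affected"


def sw_version_from_system_info(show_system_info: str) -> str:
    """Extract the 'sw-version:' field from the text output of the PAN-OS CLI
    command 'show system info'."""
    m = re.search(r"^\s*sw-version:\s*(\S+)", show_system_info, re.MULTILINE)
    if not m:
        raise ValueError("no sw-version line found in input")
    return m.group(1)


# Constructed sample: an abbreviated 'show system info' output, not real device data.
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
ip-address: 192.0.2.10
model: PA-440
sw-version: 10.2.12-h1
"""

if __name__ == "__main__":
    ver = sw_version_from_system_info(SAMPLE_SYSTEM_INFO)
    print(f"{ver}: {assess(ver)} (fixed release on this train: {fixed_version_for_train(ver)})")
```

The hotfix-as-fourth-component representation is the point of the parser: 10.2.12-h1 is one hotfix short of 10.2.12-h2 and is reported as affected, while 10.2.13 or 10.2.12-h3 would be reported as fixed.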

Information

Palo Alto Networks Security Advisories dated 2024-11-10
https://security.paloaltonetworks.com/PAN-SA-2024-0015

UPDATE 2024-11-15

Palo Alto Networks Security Advisories dated 2024-11-14
https://security.paloaltonetworks.com/PAN-SA-2024-0015

UPDATE 2024-11-19

Palo Alto Networks Security Advisories / CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-0012

Palo Alto Networks Security Advisories / CVE-2024-9474
https://security.paloaltonetworks.com/CVE-2024-9474

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

UPDATE 2024-11-22

watchTowr Labs Vulnerability Research dated 2024-11-21
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

References

CVE:CVE-2024-0012
CVE:CVE-2024-9474
PALOALTO:PAN-SA-2024-0015
VULNAME:LUNAR-PEEK

Disclaimer

*The attack probability is determined by the attacker's motivation, the effort required and the opportunities for an attack. The potential damage is determined by the effort needed to remediate the attack and the probable indirect consequences of an attack for business processes. Telekom Security assumes worst-case scenarios.

Copyright © 1999-2024 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.

The information contained herein has been obtained from sources believed to be reliable and trustworthy, or has been verified. Telekom Security can be held liable for completeness, accuracy and correctness only insofar as gross negligence or intent gives rise to liability. Any liability beyond that, in particular for damages resulting from the use or unusability of the information contained herein, is excluded.