PAN-OS Management Web Interface Authentication Bypass (CVE-2024-0012) Advisory

Key Information: 1. Vulnerability ID: - CVE-2024-0012 2. Vulnerability Name: - PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) 3. Vulnerability Description: - An unauthorized attacker can access the management web interface over the network, gain PAN-OS administrator privileges, perform administrative operations, modify configurations, or exploit other authenticated privilege escalation vulnerabilities such as CVE-2024-9474. 4. Affected Products: - PAN-OS 10.2, 11.0, 11.1, 11.2 - PA-Series, VM-Series, CN-Series firewalls and Panorama (virtual and M-Series) 5. Product Status: - Versions 11.2, 11.1, 11.0, 10.2, 10.1, and Prisma Access are affected. 6. Mitigation Measures: - Strongly recommend restricting access to the management interface according to best practice deployment guidelines, allowing access only from internal IP addresses. - Use Threat Prevention subscription with Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (for versions 8915-9075 and later) to protect the management interface from attacks. 7. Vulnerability Type: - CWE-306: Missing Authentication for Critical Function - CAPEC-115: Authentication Bypass 8. Mechanism and Impact: - The management interface is exposed either directly via configuration or through data plane interfaces. - Risk can be reduced by configuring the management interface to allow access only from internal IP addresses. 9. Severity: - CRITICAL - Recommended Urgency: HIGHEST 10. Exploitation Status: - Palo Alto Networks has observed limited threat activity targeting management interfaces exposed to the internet. 11. FAQs: - For detailed information on IoCs and threat activity, refer to the Unit42 Threat Brief. - If the management web interface is exposed to the internet, closely monitor the network for suspicious threat activity. - Xpanse and XSIAM can be used to identify management interfaces exposed to the internet. 12. CPEs: - Multiple CPE entries are listed to describe affected systems. 13. Timeline: - Timeline of vulnerability discovery and remediation is provided. Summary: This vulnerability allows unauthorized attackers to access the management web interface over the network, gain PAN-OS administrator privileges, perform administrative operations, modify configurations, or exploit other authenticated privilege escalation vulnerabilities. It is strongly recommended to restrict access to the management interface according to best practice deployment guidelines and use Threat Prevention subscription to protect the management interface from attacks.

Goal Reached Thanks to every supporter — we hit 100%!

PAN-OS Management Web Interface Authentication Bypass (CVE-2024-0012) Advisory