Auth bypass in Palo Alto Networks Cloud NGFW

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with t…

Vulnerability class: Broken Authentication

EPSS: 0.943 (99.9th percentile).

Affected products

Palo Alto Networks PAN-OS (management web interface), per the description above; consult the vendor advisory for the exact affected and fixed releases.

Weakness classification (CWE)

CWE-306: Missing Authentication for Critical Function

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2024-11-18. CISA KEV inclusion means CISA has evidence of active in-the-wild exploitation; under BOD 22-01, US federal civilian agencies are required to remediate by the published due date.

BOD 22-01 due date: .

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interface of affected devices should not be exposed to untrusted networks, including the internet; restrict it to a dedicated management network or a jump host.

Known ransomware campaign use: yes.
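The KEV fields above (date added, BOD 22-01 due date, required action, ransomware use) are exactly the fields a triage pipeline reads from CISA's known_exploited_vulnerabilities.json feed. The script below is an added example, not code from this page or from CISA: it looks up a CVE in a feed of that shape, computes the remediation deadline status, and combines KEV membership with the page's EPSS figures into a patch priority bucket. The feed record is a constructed sample (dateAdded and requiredAction match the page; dueDate is a placeholder chosen for the example), and the EPSS thresholds are this example's own choice.

```python
"""Triage a CVE against a CISA KEV feed record and its EPSS score.

Added example (not from this page or from CISA). SAMPLE_KEV_FEED is a
constructed sample shaped like CISA's known_exploited_vulnerabilities.json;
dateAdded and requiredAction match the page, dueDate is a placeholder.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed (one record only).
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.11.18",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-0012",
            "vendorProject": "Palo Alto Networks",
            "product": "PAN-OS",
            "vulnerabilityName": "Palo Alto Networks PAN-OS Management Interface "
                                 "Authentication Bypass Vulnerability",
            "dateAdded": "2024-11-18",
            "shortDescription": "Authentication bypass in the PAN-OS management web interface.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue "
                              "use of the product if mitigations are unavailable.",
            "dueDate": "2024-12-09",  # placeholder chosen for this example
            "knownRansomwareCampaignUse": "Known",
            "notes": "",
        }
    ],
})


def find_kev_entry(feed_json: str, cve_id: str):
    """Return the KEV record for cve_id, or None if it is not in the catalog."""
    feed = json.loads(feed_json)
    for entry in feed.get("vulnerabilities", []):
        if entry.get("cveID", "").upper() == cve_id.upper():
            return entry
    return None


def remediation_status(entry: dict, today_iso: str) -> dict:
    """Compare the KEV dueDate with today; negative days_remaining means overdue."""
    today = date.fromisoformat(today_iso)
    due = date.fromisoformat(entry["dueDate"])
    added = date.fromisoformat(entry["dateAdded"])
    days_remaining = (due - today).days
    return {
        "due_date": due.isoformat(),
        "remediation_window_days": (due - added).days,
        "days_remaining": days_remaining,
        "overdue": days_remaining < 0,
        # KEV uses the strings "Known" / "Unknown" for this field.
        "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown") == "Known",
    }


def triage_priority(in_kev: bool, epss_probability: float, epss_percentile: float) -> str:
    """Map KEV membership and EPSS into a patch priority bucket.

    Confirmed exploitation (KEV) always outranks a forecast (EPSS). The EPSS
    thresholds are this example's own choice, not a published standard.
    """
    if in_kev:
        return "P1"  # exploited in the wild: patch or isolate before the KEV due date
    if epss_probability >= 0.5 or epss_percentile >= 0.99:
        return "P2"  # very likely to be exploited soon
    if epss_probability >= 0.1:
        return "P3"
    return "P4"


def triage(feed_json: str, cve_id: str, epss_probability: float,
           epss_percentile: float, today_iso: str) -> dict:
    """Full report for one CVE: KEV status, deadline and priority bucket."""
    entry = find_kev_entry(feed_json, cve_id)
    report = {
        "cve": cve_id,
        "in_kev": entry is not None,
        "priority": triage_priority(entry is not None, epss_probability, epss_percentile),
    }
    if entry is not None:
        report.update(remediation_status(entry, today_iso))
        report["required_action"] = entry["requiredAction"]
    return report


if __name__ == "__main__":
    # EPSS values from the page: probability 0.943, 99.9th percentile.
    print(json.dumps(triage(SAMPLE_KEV_FEED, "CVE-2024-0012", 0.943, 0.999,
                            "2024-11-25"), indent=2))
```

Against the live feed the only change is to download known_exploited_vulnerabilities.json and pass its text as feed_json; the priority logic deliberately does not let a low EPSS score demote a KEV entry, since a forecast should never override confirmed exploitation.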

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-0012?
CVE-2024-0012 is an authentication bypass in the PAN-OS management web interface, listed here under Palo Alto Networks Cloud NGFW and classified as Missing Authentication for Critical Function (CWE-306). Published 2024-11-18.
Is CVE-2024-0012 known to be exploited?
Yes. CVE-2024-0012 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-11-18), which means CISA has evidence of active in-the-wild exploitation. 37 public proof-of-concept repositories are indexed.