RCE in Palo Alto Networks Cloud NGFW
CVE-2024-9474
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.942 (99.9th percentile)
Affected products
- Palo Alto Networks Cloud NGFW — all versions
- Palo Alto Networks PAN-OS — versions 11.2.0, 11.1.0, 11.0.0
- Palo Alto Networks Prisma Access — all versions
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is in the CISA KEV catalog, added on 2024-11-18. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- security.paloaltonetworks.com/CVE-2024-9474 (vendor-advisory)
Frequently asked questions
- What is CVE-2024-9474?
- CVE-2024-9474 is a vulnerability in Palo Alto Networks Cloud NGFW, classified under OS Command Injection. Published 2024-11-18.
- Is CVE-2024-9474 known to be exploited?
- Yes. CVE-2024-9474 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-11-18), indicating it is being actively exploited. 37 public proof-of-concept repositories are indexed.