{"uuid": "d6006baf-209a-4a38-8a58-394ea67eab2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Palo Alto (confusion?) - Privilege Escalation (PE) Vulnerability in the Web Management Interface versus : Authentication Bypass in the Management Web Interface", "description": "\nBased on [Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 ](https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/), *This is a pair of bugs, described as \u2018Authentication Bypass in the Management Web Interface\u2019 and a \u2018Privilege Escalation\u2018 respectively, strongly suggesting they are used as a chain to gain superuser access, a pattern that we\u2019ve seen before with Palo Alto appliances. Before we\u2019ve even dived into to code, we\u2019ve already ascertained that we\u2019re looking for a chain of vulnerabilities to achieve that coveted pre-authenticated Remote Code Execution.*.\n\nThe following CVEs were assigned:\n\n- [CVE-2024-9474](https://www.cve.org/CVERecord?id=CVE-2024-9474) - A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.\n\n- [CVE-2024-0012](https://www.cve.org/CVERecord?id=CVE-2024-0012) - An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.\n\n", "creation_timestamp": "2024-11-19T13:20:15.108737+00:00", "timestamp": "2024-11-19T13:20:15.108737+00:00", "related_vulnerabilities": ["CVE-2024-0012", "CVE-2024-9474"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}