Rapid7 Vulnerability & Exploit Database

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/08/2024
Created: 11/19/2024
Added: 11/18/2024
Modified: 11/25/2024

Description

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Solution(s)

  • palo-alto-networks-pan-os-upgrade-10-2-0
  • palo-alto-networks-pan-os-upgrade-10-2-1
  • palo-alto-networks-pan-os-upgrade-10-2-10
  • palo-alto-networks-pan-os-upgrade-10-2-11
  • palo-alto-networks-pan-os-upgrade-10-2-12
  • palo-alto-networks-pan-os-upgrade-10-2-2
  • palo-alto-networks-pan-os-upgrade-10-2-3
  • palo-alto-networks-pan-os-upgrade-10-2-4
  • palo-alto-networks-pan-os-upgrade-10-2-5
  • palo-alto-networks-pan-os-upgrade-10-2-6
  • palo-alto-networks-pan-os-upgrade-10-2-7
  • palo-alto-networks-pan-os-upgrade-10-2-8
  • palo-alto-networks-pan-os-upgrade-10-2-9
  • palo-alto-networks-pan-os-upgrade-11-0-0
  • palo-alto-networks-pan-os-upgrade-11-0-1
  • palo-alto-networks-pan-os-upgrade-11-0-2
  • palo-alto-networks-pan-os-upgrade-11-0-3
  • palo-alto-networks-pan-os-upgrade-11-0-4
  • palo-alto-networks-pan-os-upgrade-11-0-5
  • palo-alto-networks-pan-os-upgrade-11-0-6
  • palo-alto-networks-pan-os-upgrade-11-1-0
  • palo-alto-networks-pan-os-upgrade-11-1-1
  • palo-alto-networks-pan-os-upgrade-11-1-2
  • palo-alto-networks-pan-os-upgrade-11-1-3
  • palo-alto-networks-pan-os-upgrade-11-1-4
  • palo-alto-networks-pan-os-upgrade-11-1-5
  • palo-alto-networks-pan-os-upgrade-11-2-0
  • palo-alto-networks-pan-os-upgrade-11-2-1
  • palo-alto-networks-pan-os-upgrade-11-2-2
  • palo-alto-networks-pan-os-upgrade-11-2-3
  • palo-alto-networks-pan-os-upgrade-11-2-4
