CVE-2024-9471

Improper Privilege Management (CWE-269)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS 5.1 / EPSS 0.04% / Medium

Summary

A privilege escalation vulnerability exists in the XML API of Palo Alto Networks PAN-OS software. It allows an authenticated PAN-OS administrator with restricted privileges, who has obtained a compromised XML API key belonging to a more privileged administrator, to perform actions as that higher-privileged administrator. For instance, an administrator with "Virtual system administrator (read-only)" access could use the XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration, despite being limited to read-only operations. Note the two preconditions: the attacker must already authenticate as an administrator, and must already hold a second administrator's API key.

Impact

The impact of this vulnerability is moderate. An attacker who already holds restricted administrator access and a compromised XML API key of a more privileged administrator can escalate to that administrator's privileges and perform unauthorized actions, for example modifying configuration that their own role may only view. This could lead to unauthorized changes in system settings and compromise the integrity and security posture of the affected PAN-OS systems. The NVD CVSS v3.1 base score is 4.7 (Medium), derived from the vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L: network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and low impact on each of confidentiality, integrity and availability. The 5.1 shown in the page header comes from the CVSS v4.0 vector listed below; both vectors describe the same weakness and both rate it Medium. The score is held down mainly by the PR:H requirement, since the attack chain starts from an already-authenticated administrator.

Exploitation

There is no evidence that a public proof of concept exists, and no evidence of exploitation in the wild at the time of writing.

Patch

A patch is available for this vulnerability. Palo Alto Networks has released fixed PAN-OS versions addressing CVE-2024-9471. The patch information can be found at https://security.paloaltonetworks.com/CVE-2024-9471.

Mitigation

To mitigate this vulnerability, the following actions are recommended:

1. Update affected PAN-OS systems to a fixed release. The vulnerability affects:
   - PAN-OS 9.0.0 up to, but not including, 10.0.0
   - PAN-OS 10.1.0 up to, but not including, 10.1.11
   - PAN-OS 10.2.0 up to, but not including, 10.2.8
   - PAN-OS 11.0.0 up to, but not including, 11.0.3
   The first fixed release in each of the listed 10.1, 10.2 and 11.0 trains is therefore 10.1.11, 10.2.8 and 11.0.3 respectively; consult the vendor advisory for the 9.x trains and for any maintenance releases not listed here.
2. Implement strong access controls and regularly audit XML API key usage: compare write operations performed through the XML API against the role of the administrator that performed them.
3. Monitor for suspicious activity or unauthorized configuration changes, in particular configuration writes attributed to administrators whose assigned role is read-only or scoped to a different virtual system.
4. Follow the principle of least privilege when assigning administrator roles.
5. Regularly rotate API keys and revoke any potentially compromised keys. Because the attack requires a compromised key of a more privileged administrator, key hygiene limits exposure even before the patch is applied.
6. Keep informed about additional security advisories from Palo Alto Networks regarding this vulnerability.
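As an added example of the audit and monitoring steps above (this is my code, not code from Palo Alto Networks or from the tracker page), the following script scans configuration-log records for writes made through the XML API and flags any that a read-only role, a virtual-system-scoped role acting outside its virtual system, or an unknown administrator should not have been able to make. Assumptions, labelled as such: the CSV columns admin, client, cmd, vsys, path and result, the client value "XML" for XML API sessions, and the CLI-style role names vsysreader, vsysadmin and superreader are modelled on PAN-OS conventions but must be checked against your own log export and administrator configuration; the sample rows and the role table are constructed for this example.

```python
"""Audit XML API configuration writes against administrator roles.

Added example, not from the vendor advisory or the PAN-OS code base.
Log layout and role names are assumptions modelled on PAN-OS conventions;
adapt the column names and role table to your own environment.
"""
import csv
import io
from dataclasses import dataclass

# Commands that change or commit configuration; everything else is read-only.
WRITE_COMMANDS = {"set", "edit", "delete", "move", "rename", "clone", "commit", "override"}

# Roles that must never produce write commands (assumed CLI-style role names).
READ_ONLY_ROLES = {"superreader", "devicereader", "vsysreader"}
# Roles whose authority is limited to specific virtual systems.
VSYS_SCOPED_ROLES = {"vsysadmin", "vsysreader"}


@dataclass(frozen=True)
class AdminRole:
    role: str
    vsys: frozenset = frozenset()   # virtual systems this admin may touch (scoped roles only)


@dataclass(frozen=True)
class Finding:
    admin: str
    cmd: str
    path: str
    result: str
    reason: str


def is_write(cmd: str) -> bool:
    return cmd.strip().lower() in WRITE_COMMANDS


def audit(log_csv: str, roles: dict, client_filter: str = "XML") -> list:
    """Return one Finding per XML API write that the admin's role should not allow.

    Failed attempts are reported too: a read-only key that merely tries a write
    is the signal worth investigating after the patch is applied.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(log_csv)):
        if row["client"].strip().upper() != client_filter.upper():
            continue                                  # only XML API activity is in scope
        if not is_write(row["cmd"]):
            continue
        admin = row["admin"].strip()
        role = roles.get(admin)
        common = (admin, row["cmd"], row["path"], row["result"])
        if role is None:
            findings.append(Finding(*common, "write by admin with no role assignment"))
        elif role.role in READ_ONLY_ROLES:
            findings.append(Finding(*common, f"write by read-only role {role.role}"))
        elif role.role in VSYS_SCOPED_ROLES and row["vsys"].strip() not in role.vsys:
            findings.append(Finding(*common, f"write outside assigned vsys ({row['vsys']})"))
    return findings


# Constructed sample records (not real firewall output).
SAMPLE_LOG = """admin,client,cmd,vsys,path,result
alice,XML,get,vsys1,/config/devices/entry/vsys/entry[@name='vsys1']/rulebase,Succeeded
alice,XML,set,vsys1,/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='allow-all'],Succeeded
alice,XML,delete,vsys1,/config/devices/entry/vsys/entry[@name='vsys1']/address/entry[@name='old'],Failed
bob,XML,set,vsys1,/config/devices/entry/vsys/entry[@name='vsys1']/address/entry[@name='h1'],Succeeded
bob,Web,set,vsys1,/config/devices/entry/vsys/entry[@name='vsys1']/address/entry[@name='h2'],Succeeded
carol,XML,edit,vsys2,/config/devices/entry/vsys/entry[@name='vsys2']/address/entry[@name='h3'],Succeeded
dave,XML,commit,,,Succeeded
"""

# Constructed role table; in production derive it from the running configuration.
ROLES = {
    "alice": AdminRole("vsysreader", frozenset({"vsys1"})),   # read-only vsys admin
    "bob": AdminRole("vsysadmin", frozenset({"vsys1"})),
    "carol": AdminRole("vsysadmin", frozenset({"vsys1"})),
    # "dave" deliberately absent: an admin name with no known role assignment
}

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ROLES):
        print(f"{f.admin:6} {f.cmd:7} {f.result:9} {f.reason}  {f.path}")
```

On the constructed input the script reports alice's successful set and failed delete (read-only role writing), carol's edit in vsys2 (outside her assigned vsys1) and dave's commit (no role on file); bob's XML API write is within his role and his Web write is out of scope for this check. Feed it your own exported configuration log and a role table generated from the administrator definitions in the running configuration.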

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Green

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9471

Oct 9, 2024 at 5:15 PM
CVSS

A CVSS base score of 5.1 has been assigned.

Oct 9, 2024 at 5:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9471. See article

Oct 9, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 9, 2024 at 5:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 10, 2024 at 10:30 AM
CVSS

A CVSS base score of 4.7 has been assigned.

Oct 15, 2024 at 5:00 PM / nvd

Affected Systems

Paloaltonetworks/pan-os

Patches

security.paloaltonetworks.com

Links to MITRE ATT&CK

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-122: Privilege Abuse

References

CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API (Severity: MEDIUM)
This issue requires the attacker to have authenticated access to the PAN-OS XML API. (Product confidentiality: LOW)

News

Daily summary - 10.10.2024
Project: Gutenberg. Date: 2024-October-09. Security risk: Moderately critical 12/25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Default. Vulnerability: Cross Site Request Forgery. Affected versions: =3.0.0. Description: This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not sufficiently protect some routes against a Cross Site Request Forgery attack. This vulnerability is mitigated by the fact that the tricked user needs to have an [...] Project: Facets. Date: 2024-October-09. Security risk: Critical 15/25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default. Vulnerability: Cross Site Scripting. Affected versions: [not given]. Description: This module enables you to easily create and manage faceted search interfaces. The module doesn't sufficiently filter for malicious script, leading to a reflected cross site scripting (XSS) vulnerability. Solution: Install the latest version: If you use the Facets module, upgrade to Facets [...]
Privilege escalation in PAN-OS XML API
A remote authenticated PAN-OS administrator with restricted privileges can use a compromised XML API key to perform actions as a higher privileged PAN-OS [...] Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
NA - CVE-2024-9471 - A privilege escalation (PE) vulnerability in...
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
