TrendingExploitCVE-2024-9474
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. This vulnerability affects the PAN-OS software, but Cloud NGFW and Prisma Access are not impacted.
Impact
This vulnerability could allow an attacker who already has administrator access to the PAN-OS management web interface to escalate their privileges to root level. This would give them complete control over the firewall, potentially allowing them to modify firewall rules, access sensitive data, or compromise the entire network security infrastructure. The attack vector is network-based, with low attack complexity, requiring no user interaction. The CVSS v4 base score is 6.9 (Medium severity), with high impact on system integrity. The vulnerability is actively being exploited in the wild and has been added to the CISA Known Exploited Vulnerability list, indicating its severity and the urgency for patching.
Exploitation
There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including infosec.exchange.
Patch
As of the information provided, there is no specific mention of a patch being available. Given the severity of the vulnerability and its active exploitation, it is crucial for the security team to closely monitor Palo Alto Networks' security advisories for patch information and apply any security updates as soon as they become available.
Mitigation
While waiting for an official patch, the following mitigation steps are recommended: 1. Limit access to the PAN-OS management web interface to only necessary personnel. 2. Implement strong authentication mechanisms for administrator accounts. 3. Monitor and audit administrator activities on the PAN-OS management interface. 4. Consider implementing network segmentation to limit the potential impact if the firewall is compromised. 5. Regularly review and update firewall rules and configurations. 6. Ensure that Cloud NGFW and Prisma Access deployments are kept separate, as they are not affected by this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red
Timeline
Attacks in the wild have been reported by inthewild.io.
Detection for the vulnerability has been added to Qualys (731914)
Feedly found the first article mentioning CVE-2024-9474. See article
Attacks in the wild have been reported by #threatintel. See article
CVE-2024-9474 is a critical authentication bypass vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management interface to gain administrator privileges, enabling them to perform administrative actions and exploit other privilege escalation vulnerabilities. The vulnerability is associated with the Web Management Interface and poses significant risks to the configuration integrity of affected systems. There is no information provided regarding CVSS scores, exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-9474
A CVSS base score of 6.9 has been assigned.
Attacks in the wild have been reported by CISA Known Exploited Vulnerability.