CVE-2024-0012

Vulnerability updated 8 months ago (2024-11-29T13:58:17.350Z)

Download STIX

Preview STIX

CVE-2024-0012 is a significant vulnerability found in the Palo Alto Networks PAN-OS software. This flaw allows an unauthenticated attacker with network access to the management interface to bypass authentication protocols and gain administrative privileges within the PAN-OS environment. With these elevated rights, the attacker can perform administrative actions, alter configurations, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474. The security issue was first documented in the Palo Alto Networks Security Advisories, which provides comprehensive details about this vulnerability. The advisories also offer up-to-date information regarding the affected products and versions. This bug has been assigned a high severity rating of 9.3 on the Common Vulnerability Scoring System (CVSS), indicating its potential for substantial impact if exploited. In response to this threat, Palo Alto Networks issued a critical security bulletin warning about fresh threat activity targeting the unauthenticated remote command injection vulnerability (CVE-2024-0012). Users are strongly advised to refer to the advisories for remediation guidance and further updates. It is crucial that all affected systems are patched promptly to mitigate the risk associated with this vulnerability.

Description last updated: 2024-11-25T13:42:48.855Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability CVE-2024-9474 is associated with CVE-2024-0012.	Unspecified	3

Source Document References

Information about the CVE-2024-0012 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	5 months ago	CISA Adds Two Known Exploited Vulnerabilities to Catalog \| CISA
DARKReading	5 months ago	Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware
CISA	7 months ago	Siemens RUGGEDCOM APE1808 \| CISA
CISA	7 months ago	CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA
Securityaffairs	8 months ago	More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
CISA	8 months ago	CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA
Canadian Centre for Cyber Security	8 months ago	Palo Alto Networks security advisory (AV24-670) - Canadian Centre for Cyber Security
Canadian Centre for Cyber Security	8 months ago	Securing Palo Alto management interfaces from exploitation - Update 1 - Canadian Centre for Cyber Security
DARKReading	8 months ago	Palo Alto Patches Critical Zero-Day Firewall Bug
Unit42	8 months ago	Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20)
CISA	8 months ago	CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA
Securityaffairs	8 months ago	U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog