Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Research

Emerging Threat: Palo Alto PAN-OS CVE-2024-0012 & CVE-2024-9474

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
November 20, 2024

What are CVE-2024-0012 & CVE-2024-9474? 

On November 18, 2024, Palo Alto Networks (PAN) fully disclosed two serious vulnerabilities in PAN-OS software that had previously been partially disclosed on November 8th. 

The first vulnerability, CVE-2024-0012, is a critical severity (9.3) authentication bypass in the PAN-OS management web interface. It allows unauthenticated attackers with network access to gain administrator privileges by bypassing the authentication check entirely, essentially telling the server not to check for authentication at all. 

The second vulnerability, CVE-2024-9474, is a medium severity (6.9) authenticated privilege escalation vulnerability that creates additional risks when combined with CVE-2024-0012. 

Chained together, these vulnerabilities create the perfect conditions for pre-authenticated Remote Code Execution (RCE), allowing an attacker to appoint themselves a PAN-OS administrator and perform actions on the firewall with root privileges using access to the management web interface. 

What assets are affected by these vulnerabilities? 

The following assets are affected by CVE-2024-0012 & CVE-2024-9474: 

  • PAN-OS 11.2: Versions earlier than 11.2.4-h1.
  • PAN-OS 11.1: Versions earlier than 11.1.5-h1.
  • PAN-OS 11.0: Versions earlier than 11.0.6-h1.
  • PAN-OS 10.2: Versions earlier than 10.2.12-h2.
  • PAN-OS 10.1: Versions earlier than 10.1.14-h6

Cloud NGFW and Prisma Access are not impacted by these vulnerabilities.

Are fixes available? 

Upgrade: Customers are advised to upgrade to the latest fixed versions

  • PAN-OS 11.2.4-h1
  • PAN-OS 11.1.5-h1
  • PAN-OS 11.0.6-h1
  • PAN-OS 10.2.12-h2
  • PAN-OS 10.1.14-h6

All later PAN-OS versions are not impacted by these vulnerabilities. 

Are there any other recommended actions to take? 

If it isn’t feasible to patch affected devices, the risk from these vulnerabilities can be mitigated by restricting access to the management interface to only trusted internal IP addresses. 

Palo Alto Networks has also released a list of Indicators of Compromise (IOCs). 

Are CVE-2024-0012 & CVE-2024-9474 being actively exploited? 

Palo Alto Networks has identified actors actively exploiting these vulnerabilities, although this activity has not been linked to any specific groups yet. Once actors have successfully exploited these vulnerabilities, researchers have observed activities like interactive command execution and dropping malware, like webshells, on the firewall.

How are enterprises at risk from CVE-2024-0012 & CVE-2024-9474?

This isn’t the first PAN-OS vulnerability we’ve covered in 2024 and much of the same dangers we outlined in our response to CVE-2024-3400 apply to these vulnerabilities as well. Palo Alto Networks products are incredibly common across enterprises globally – over 50% of CyCognito customers use at least one externally exposed Palo Alto Networks product – and larger organizations have more vulnerable assets. Fortune 100 enterprises can have PAN-OS management devices on up to 150 different networks, each working with a different brand, subsidiary, or smaller organization within the larger enterprise. 

Even if security teams have perfect visibility into their external environments, deploying patches across 150 different networks can be a significant challenge – but that assumes perfect visibility. It’s far more common for organizations to have undermanaged or unknown assets. Our previous research indicates that organizations are unaware of 10-30% of their subsidiaries before they begin managing their exposed attack surface with CyCognito.   

How is CyCognito helping customers identify assets vulnerable to CVE-2024-0012 & CVE-2024-9474? 

CyCognito discovery and testing engines actively detect vulnerable versions of PAN-OS and CyCognito is currently investigating additional active testing methods for this vulnerability. All customers have access to an in-platform emerging security issue announcement as of November 20th, 2024.    

Figure 1: The alert sent by CyCognito for CVE-2024-0012 & CVE-2024-9474

How can CyCognito help your organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.


Topics



Search the Blog



Recent Posts




Tim Matthews
How to Budget for EASM
By Tim Matthews
November 18, 2024




Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.