A critical vulnerability chain in Palo Alto PAN-OS, combining an authentication bypass (CVE-2024-0012) and a command injection flaw (CVE-2024-9474) in the management web interface, allows unauthenticated attackers to execute arbitrary code with root privileges.
🛠 Affected Versions:
— PAN-OS 11.2 (up to and including 11.2.4-h1)
— PAN-OS 11.1 (up to and including 11.1.5-h1)
— PAN-OS 11.0 (up to and including 11.0.6-h1)
— PAN-OS 10.2 (up to and including 10.2.12-h2)
🔗 Research:
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
🔗 PoC:
https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012
🔗 Exploit:
https://github.com/Chocapikk/CVE-2024-9474
#paloalto #panos #sslvpn #unauth #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8👍7