CVE ID
CVE-2024-9474
Vulnerability Name
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
- Project: Palo Alto Networks
- Product: PAN-OS
Date
- Date Added: 2024-11-18
- Due Date: 2024-12-09
Description
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
Related Security News
- Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
- CISA flags Craft CMS code injection flaw as exploited in attacks
- Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
- Palo Alto Networks tags new firewall bug as exploited in attacks
- Attackers are chaining flaws to breach Palo Alto Networks firewalls
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Top comments (0)