CVE-2024-9474 - Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Vulnerability Name

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Description

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Additional Notes

https://security.paloaltonetworks.com/CVE-2024-9474

https://nvd.nist.gov/vuln/detail/CVE-2024-9474

Related News Articles

CISA flags Craft CMS code injection flaw as exploited in attacksFebruary 21, 2025

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the WildFebruary 20, 2025

Palo Alto Networks tags new firewall bug as exploited in attacksFebruary 19, 2025

Attackers are chaining flaws to breach Palo Alto Networks firewallsFebruary 19, 2025

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities ListFebruary 19, 2025