CVE-2024-9474 - Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9474: Palo Alto Networks | PAN-OS

Date Added:
2024-11-18

Due Date:
2024-12-09

Vulnerability Name: Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Description: Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Additional Notes: https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474

Free security scan for your website

Don't show website scan report rating on the leaderboard