CVE Radar

CVE-2024-0012

Critical Severity | Paloaltonetworks
SVRS: 89
CVSSv3: 9.8
EPSS: 0.94285
Tags: In The Wild, Exploit Available, CISA KEV
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Publication date: 2024-11-18
Last modified: 2025-10-21

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This vulnerability, CVE-2024-0012, is an authentication bypass in Palo Alto Networks PAN-OS software. It is critical because it allows an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. With these privileges, an attacker can perform administrative actions, tamper with configurations, or exploit other authenticated privilege escalation vulnerabilities, such as CVE-2024-9474. The high CVSS score of 9.8 reflects the severe impact and ease of exploitation.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for CVE-2024-0012 is 9.8, indicating a Critical severity level. The vulnerability was published on 2024-11-18 15:47:41 UTC and last modified on 2025-10-21 22:55:36 UTC.
3. Which products, vendors, systems, and versions are affected?
  • Vendor: Palo Alto Networks
  • Product: PAN-OS software
  • Affected Versions: PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2.
  • Not Impacted: Cloud NGFW and Prisma Access are not impacted by this vulnerability.
4. What is the technical root cause and attack vector?
  • Technical Root Cause: The root cause is an authentication bypass vulnerability, classified under CWE-306 (Missing Authentication for Critical Function).
  • Attack Vector: The attack vector involves an unauthenticated attacker gaining network access to the management web interface of the affected PAN-OS device.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an unauthenticated attacker who has network access to the management web interface of a vulnerable Palo Alto Networks PAN-OS device. By bypassing authentication, the attacker can gain full PAN-OS administrator privileges, enabling them to:
  • Perform arbitrary administrative actions.
  • Tamper with the device's configuration.
  • Exploit other authenticated privilege escalation vulnerabilities, such as CVE-2024-9474, for further compromise.
6. What mitigation steps and patches are available?
  • Mitigation: The primary mitigation step is to secure access to the management web interface by strictly restricting access to only trusted internal IP addresses. This should be done in accordance with Palo Alto Networks' recommended best practice deployment guidelines for securing management access.
  • Patches: The provided CVE data does not explicitly state the availability of patches at this time. Organizations should monitor official Palo Alto Networks advisories for patch releases.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying Palo Alto Networks devices running the affected PAN-OS software versions: 10.2, 11.0, 11.1, and 11.2. Additionally, organizations should audit their network configurations to determine if the management web interface of these devices is accessible from untrusted networks or IP addresses.
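An added example (not part of the original brief and not vendor tooling) of the two checks described above: it flags devices on an affected release train and lists management-interface source ranges that fall outside trusted space. The inventory, the field names, the RFC 1918 definition of "trusted" and the treatment of an empty permitted list as unrestricted are assumptions of this example; the brief names no fixed hotfix levels, so REVIEW means confirming the exact build against the vendor advisory.

```python
import ipaddress

AFFECTED_TRAINS = {"10.2", "11.0", "11.1", "11.2"}  # trains named in the brief
# Assumption: "trusted internal" means RFC 1918 space; replace with your own ranges.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: hosts, versions and permitted-IP lists are made up.
INVENTORY = [
    {"host": "fw-edge-01", "version": "11.1.4-h1", "mgmt_allowed": ["0.0.0.0/0"]},
    {"host": "fw-dc-02", "version": "10.2.9", "mgmt_allowed": ["10.20.0.0/24"]},
    {"host": "fw-lab-03", "version": "10.1.14", "mgmt_allowed": ["203.0.113.0/24"]},
    {"host": "fw-br-04", "version": "11.2.3",
     "mgmt_allowed": ["10.0.5.0/24", "198.51.100.7/32"]},
    {"host": "fw-old-05", "version": "11.0.4", "mgmt_allowed": []},
]

def release_train(version):
    """Return 'major.minor' from a version string such as '11.1.4-h1'."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not (parts[0].isdigit() and parts[1].isdigit()):
        raise ValueError(f"unrecognised version: {version!r}")
    return f"{parts[0]}.{parts[1]}"

def untrusted_sources(allowed, trusted=TRUSTED_NETS):
    """Return permitted-source entries not fully inside a trusted network."""
    if not allowed:  # assumption: an empty list means no source restriction
        return ["any"]
    flagged = []
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            flagged.append(cidr)
    return flagged

def triage(inventory):
    """Label each device by affected train and management-plane exposure."""
    results = {}
    for dev in inventory:
        affected = release_train(dev["version"]) in AFFECTED_TRAINS
        exposed = untrusted_sources(dev["mgmt_allowed"])
        if affected:
            level = "URGENT" if exposed else "REVIEW"
        else:
            level = "HARDEN" if exposed else "OK"
        results[dev["host"]] = (level, exposed)
    return results

if __name__ == "__main__":
    for host, (level, exposed) in triage(INVENTORY).items():
        print(f"{host:12} {level:7} untrusted sources: {exposed or '-'}")
```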
9. Which threat actors are known to exploit this vulnerability?
While the provided information states that exploits for this vulnerability have been published, specific threat actors are not named. This suggests the exploit code is publicly available, increasing the risk of widespread exploitation by various malicious actors.
10. What public intelligence references and advisories exist?
  • CVE Identifier: CVE-2024-0012
  • Related Vulnerability: CVE-2024-9474 (mentioned as an example for authenticated privilege escalation post-exploitation, with an advisory available at https://security.paloaltonetworks.com/CVE-2024-9474)
  • Palo Alto Networks Deployment Guidelines: Recommended best practice deployment guidelines for securing management access are available at https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431
11. What is the risk assessment and urgency level?
  • Risk Assessment: The risk is assessed as Critical. This authentication bypass allows unauthenticated attackers with network access to achieve full administrative control over the affected PAN-OS devices. The potential impact includes complete compromise of the device, configuration manipulation, and further network intrusion.
  • Urgency Level: The urgency level is Immediate. Given the critical CVSS score of 9.8 and the confirmation that active exploits have been published, organizations must prioritize implementing the recommended mitigation steps without delay. Systems running affected versions with exposed management interfaces are at extremely high risk of compromise.
Title | Software Link | Date
Regent8SH/PanOsExploitMultitool | https://github.com/Regent8SH/PanOsExploitMultitool | 2025-05-21
dcollaoa/cve-2024-0012-gui-poc | https://github.com/dcollaoa/cve-2024-0012-gui-poc | 2025-02-06
TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC | https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC | 2024-12-11
0xjessie21/CVE-2024-0012 | https://github.com/0xjessie21/CVE-2024-0012 | 2024-11-30
XiaomingX/cve-2024-0012-poc | https://github.com/XiaomingX/cve-2024-0012-poc | 2024-11-22
iSee857/CVE-2024-0012-poc | https://github.com/iSee857/CVE-2024-0012-poc | 2024-11-22
VegetableLasagne/CVE-2024-0012 | https://github.com/VegetableLasagne/CVE-2024-0012 | 2024-11-21
CISA Flags Palo Alto PAN-OS Flaw as Actively Exploited - cyberpress.org
2026-06-02
News Content: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication-bypass vulnerability in Palo Alto Networks’ PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Tracked as CVE-2026-0257, the flaw enables attackers to circumvent security restrictions and establish unauthorized VPN connections, posing a significant threat to enterprise network perimeters. The vulnerability resides in Palo Alto Networks’ PAN-OS, the operating system powering the company’s next-generation firewalls and network security appliances. Palo Alto PAN-OS Flaw
Tags: cve-2026-0257, cve-2025-0108, cve-2024-0012, critical infrastructure
ISC StormCast for Wednesday, November 20th, 2024
Dr. Johannes B. Ullrich, 2024-11-20
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Debugger Detection; PAN-OS Patches; VCenter Attacks; Veritas Vuln; Detecting the Presence of a Debugger in Linux https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450 Palo Alto Patches https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 VMware vCenter Server Attacks https://support.broadcom.com
Tags: sans.edu, rss, forum, news
Mustang Panda Intelligence Dashboard Immediately Available for ThreatConnect
Travis Meyers, 2026-05-01
Mustang Panda—also known in industry and government reporting as BASIN, BRONZE PRESIDENT, CAMARO DRAGON, EARTH PRETA, FIREANT, G0129, HIVE015, HoneyMyte, LUMINOUS MOTH, Polaris, RedDelta, STATELY TAURUS, TA416, TANTALUM, TEMP.HEX, TWILL TYPHOON, or UNC6384—is a highly active, state-sponsored Chinese cyber-espionage group assessed to operate under the People’s Republic of China (PRC). Active for over a decade, […]
Tags: cve-2025-55182, cve-2025-41244, cve-2024-21893, cve-2024-0012
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks - The Hacker News
2025-12-13
News Content: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code execution by means of a malicious HTTP request. "A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to
Tags: cve-2024-9474, cve-2024-12856, cve-2018-4063, cve-2025-0108
CVSS vulnerability triage: 5 failures, 5 fixes - VentureBeat
2026-04-24
News Content: During Operation Lunar Peek in November 2024, attackers gained unauthenticated remote admin access — and eventual root — across more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks scored CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0. NVD scored the same pair 9.8 and 7.2 under CVSS v3.1. Two scoring systems. Two different answers for the same vulnerabilities. The 6.9 fell below patch thresholds. Admin access appeared required. The 9.3 sat queued for maintenance. Segmentation would hold. "Adversaries circumvent [severity
Tags: cve-2024-0012, cve-2023-20198, cve-2023-20273, cve-2024-9474
BetterMSSP (@bettermssp)
2026-05-07
Your clients' #PaloAlto firewalls had admin access wide open for 30 days. You need to know if they got hit before they do. Audit logs today or own the breach conversation tomorrow. #mssp #zeroday #hackers #CVE-2024-0012 https://t.co/OW7njtZhv3
Lyrie.ai (@lyrie_ai)
2026-05-01
CVE-2024-0012: PAN-OS management interface auth bypass is now in CISA KEV and linked to ransomware use; patch or pull exposure, and keep management off the internet.
Lyrie.ai (@lyrie_ai)
2026-05-01
CISA added CVE-2024-0012 to the Known Exploited Vulnerabilities (KEV) catalog on 2024-11-18, confirming active exploitation in the wild. CISA KEV PAN-OS management interface auth bypass is now in CISA KEV and linked to ransomware use; patch or pull exposure, and keep…
Lyrie.ai (@lyrie_ai)
2026-05-01
Federal agencies are required to remediate by 2024-12-09 or apply mitigations per vendor guidance. CISA KEV CISA added CVE-2024-0012 to the Known Exploited Vulnerabilities (KEV) catalog on 2024-11-18, confirming active exploitation in the wild.
Lyrie.ai (@lyrie_ai)
2026-05-01
The weakness aligns with CWE-306 (Missing Authentication for Critical Function), consistent with an auth bypass class flaw. NVD entry MITRE CVE CISA added CVE-2024-0012 to the Known Exploited Vulnerabilities (KEV) catalog on 2024-11-18, confirming active exploitation in…
Alex Wingfield (@AlexWingfield_)
2026-04-26
2/ The fun part, CVE-2024-0012 scored 9.3, its buddy 9474 scored 6.9, so one got queued for maintenance, the other ignored. Chained, they handed out root on 13,000 devices like conference swag.
ThreatCluster (@threatcluster)
2026-04-24
BREAKING: Palo Alto Networks PAN-OS flaws CVE-2024-0012 and CVE-2024-9474 actively exploited, enable unauth to admin then root on firewalls, patch to 11.2.4-h1, 11.1.5-h1, 11.0.6-h1, 10.2.12-h2 now. https://t.co/pF35AHnzAc
transilienceai (@transilienceai)
2026-01-28
@RoryCrave CVE-2024-0012 and CVE-2024-9474 are PAN-OS flaws that resulted in over 2,000 firewalls being compromised in November 2024, with attackers gaining root privileges via active exploitation. #InfoSec 🛡️
@pedri77 (@pedri77)
2025-11-20
The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012… https://t.co/1kgdju04IM
Project Overwatch (@info_overwatch)
2025-10-19
Vulnerability exploitation hit RECORD LEVELS 🎯 52% of observed vulns linked to initial access Attackers are chaining exploits and abusing legitimate features: - CVE-2024-0012 + CVE-2024-9474 (Palo Alto) - Network appliances remain prime targets
Configuration 1
Type | Vendor | Product
OS | Paloaltonetworks | pan-os

Reference | Link
GITHUB | https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
134C704F-9B21-4F2E-91B3-4A467353BCC0 | https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
AF854A3A-2127-422B-91AE-364DA2661108 | https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
[email protected] | https://security.paloaltonetworks.com/CVE-2024-0012

CWE ID | CWE Name | Description
CWE-306 | Missing Authentication for Critical Function | The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.