CVERadar

CVE-2024-0012

Severity: Critical
Vendor: Paloaltonetworks
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.94323/1

CVE-2024-0012 is a critical authentication bypass in the management web interface of Palo Alto Networks PAN-OS. An unauthenticated attacker with network access to that interface can obtain administrator privileges, perform administrative actions, tamper with the configuration, or chain the bypass with other vulnerabilities such as the CVE-2024-9474 privilege escalation. The issue affects PAN-OS 10.2, 11.0, 11.1 and 11.2 releases that predate the vendor's fixes; PAN-OS 10.1, Cloud NGFW and Prisma Access are not affected. Public exploit code exists and CISA has added the CVE to its Known Exploited Vulnerabilities (KEV) catalog on the basis of confirmed in-the-wild exploitation, so with a SOCRadar Vulnerability Risk Score (SVRS) of 94 remediation should be immediate.

In The Wild · Exploit Available · CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: 2024-11-18
Updated: 2024-12-20
SOCRadar AI Insight

Description

CVE-2024-0012 is a critical vulnerability in Palo Alto Networks PAN-OS software. It allows an unauthenticated attacker with network access to the management web interface to bypass authentication and obtain administrator privileges on the firewall. With that access the attacker can perform administrative actions, tamper with the configuration, or chain into other vulnerabilities such as CVE-2024-9474, a privilege escalation that lets a PAN-OS administrator perform actions on the firewall as root; the two were used together in the attacks observed in the wild.

SVRS (SOCRadar Vulnerability Risk Score): 97 signifies a highly critical vulnerability requiring immediate attention and remediation.

Key Insights

  • Authentication Bypass: the vulnerable request path is processed with the web server's authentication check disabled, so an attacker obtains administrator access to the web interface without any valid account (CWE-306, missing authentication for a critical function).
  • Remote Exploitation: anyone who can reach the management web interface over the network can exploit it. If that interface is exposed to the internet, that means anyone.
  • Privilege Escalation: the bypass alone yields a web-interface administrator; chained with CVE-2024-9474 it yields command execution as root on the firewall, which is what makes installing malware, altering the configuration and reading credentials or other sensitive data possible.
  • Exploitation in the Wild: proof-of-concept exploits are public (see the Exploits section) and CISA lists the CVE in its KEV catalog; treat every reachable, unpatched management interface as an active target.

Mitigation Strategies

  1. Restrict Access to the Management Interface: immediately limit the management web interface to trusted internal IP addresses, ideally a dedicated management network or jump host. This is the vendor's primary guidance, and it removes the attacker's precondition for this CVE entirely.
  2. Patching: apply the fixed PAN-OS releases listed in the vendor advisory (linked under References) for the 10.2, 11.0, 11.1 and 11.2 trains. Patching does not evict an attacker who already got in: if the interface was reachable from untrusted networks before the fix, review administrator accounts, the running configuration and management-plane audit logs for unexpected changes.
  3. Network Segmentation: isolate the management network from the rest of the organization's network, so that a compromised host elsewhere cannot reach the firewall's management plane and a compromised firewall cannot be used as a pivot into other critical systems.
  4. Multi-Factor Authentication (MFA): enable MFA for every account with management access. Note that MFA does not mitigate CVE-2024-0012 itself, because the exploit causes the request to be handled with the authentication step disabled; it protects against credential-based attacks and is worth doing regardless.
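The four steps above reduce to one question a practitioner can answer from the firewall's own configuration: from which sources is the web interface reachable? The script below is an added example for this page, not Palo Alto Networks tooling. It assumes the layout of a PAN-OS XML configuration export (the MGT interface's source restriction under deviceconfig/system/permitted-ip, and per-interface exposure through interface-management-profile entries that carry their own permitted-ip list); the sample configuration embedded in it is constructed for the example.

```python
"""Audit a PAN-OS XML configuration for an exposed management web interface.

Added example for this page, not Palo Alto Networks code. Assumed export
layout: deviceconfig/system/permitted-ip restricts the MGT interface, and
dataplane interfaces expose HTTP(S) through
network/profiles/interface-management-profile entries that have their own
permitted-ip list. SAMPLE_CONFIG is constructed for this example.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """\
<config version="11.1.0">
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <system>
          <hostname>edge-fw-01</hostname>
          <permitted-ip/>
        </system>
      </deviceconfig>
      <network>
        <profiles>
          <interface-management-profile>
            <entry name="mgmt-open">
              <https>yes</https>
              <ping>yes</ping>
              <permitted-ip/>
            </entry>
            <entry name="mgmt-restricted">
              <https>yes</https>
              <permitted-ip><entry name="10.10.5.0/24"/></permitted-ip>
            </entry>
            <entry name="ping-only">
              <ping>yes</ping>
            </entry>
          </interface-management-profile>
        </profiles>
        <interface>
          <ethernet>
            <entry name="ethernet1/1">
              <layer3><interface-management-profile>mgmt-open</interface-management-profile></layer3>
            </entry>
            <entry name="ethernet1/2">
              <layer3><interface-management-profile>mgmt-restricted</interface-management-profile></layer3>
            </entry>
          </ethernet>
        </interface>
      </network>
    </entry>
  </devices>
</config>
"""

WEB_SERVICES = ("http", "https")


def permitted_ips(node):
    """Source addresses allowed under `node`; an absent or empty list means 'any'."""
    plist = node.find("permitted-ip")
    if plist is None:
        return []
    return [e.get("name") for e in plist.findall("entry")]


def audit_config(xml_text):
    """Return (where, problem) findings for every unrestricted web-management path."""
    findings = []
    for device in ET.fromstring(xml_text).findall("./devices/entry"):
        system = device.find("./deviceconfig/system")
        if system is not None and not permitted_ips(system):
            findings.append(("MGT", "management interface accepts web logins from any source"))

        # Which dataplane interfaces bind which management profile.
        bound = {}
        for iface in device.findall("./network/interface/ethernet/entry"):
            profile = iface.findtext("./layer3/interface-management-profile")
            if profile:
                bound.setdefault(profile, []).append(iface.get("name"))

        for profile in device.findall("./network/profiles/interface-management-profile/entry"):
            exposed = [s for s in WEB_SERVICES if profile.findtext(s) == "yes"]
            if not exposed or permitted_ips(profile):
                continue  # no web service on this profile, or it is properly restricted
            name = profile.get("name")
            where = ", ".join(bound.get(name, [])) or "no interface"
            findings.append((name, f"profile allows {'/'.join(exposed)} from any source; bound to {where}"))
    return findings


if __name__ == "__main__":
    for where, problem in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```

On the sample it reports the MGT interface and the mgmt-open profile on ethernet1/1, and nothing for mgmt-restricted or for ping-only (which exposes no web service). An empty permitted-ip on MGT is the misconfiguration that turns this CVE into an internet-wide problem; the corresponding CLI change is to add trusted sources in configure mode, for example `set deviceconfig system permitted-ip 10.0.0.0/24`, after which the script returns no MGT finding.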

Additional Information:

  • CISA KEV: the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-0012 to its Known Exploited Vulnerabilities (KEV) catalog, which obliges US federal civilian agencies to remediate it by a fixed deadline and tells everyone else that exploitation is confirmed, not theoretical.
  • Threat Actors: when this insight was written no specific group had been publicly attributed. Later reporting collected in the News and Social Media sections below links exploitation of this CVE to the RA World ransomware intrusion that used a toolset associated with China-based espionage groups.


Indicators of Compromise

Type        Indicator                         Date
HASH (MD5)  06e493f1f9a620ecec1a4f32fedd3128  2024-12-03
HASH (MD5)  2acf0461cb310ad4109cce68e4c07afe  2024-12-03
HASH (MD5)  302f76897e4e5c8c98a52a38c4c98443  2024-12-03
HASH (MD5)  3065f86823e429728a9adb21863414a2  2024-12-03
HASH (MD5)  3f63951399f8cd578e2a6faed2c9c0f0  2024-12-03
HASH (MD5)  415e171e5d836a5cdc86a433cac650c7  2024-12-03
HASH (MD5)  510b7b359363eadc7910d721f04d80a8  2024-12-03
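A file sweep for the indicators above, as an added example for this page (not SOCRadar tooling). The seven values are 32 hex digits, so they are MD5 digests; the script parses the list, hashes every file under a directory and reports matches. The sample file and the extra hash planted in `self_check` are constructed for the example. The page does not say which files these digests identify, so a hit is a lead to triage, not a verdict.

```python
"""Sweep a directory tree for files whose MD5 matches a list of indicators.

Added example for this page, not SOCRadar tooling. IOC_TABLE copies the
indicator column above; the sample file written by self_check() and its
hash are constructed for the example.
"""
import hashlib
import os
import re
import tempfile

IOC_TABLE = """\
06e493f1f9a620ecec1a4f32fedd3128 2024-12-03
2acf0461cb310ad4109cce68e4c07afe 2024-12-03
302f76897e4e5c8c98a52a38c4c98443 2024-12-03
3065f86823e429728a9adb21863414a2 2024-12-03
3f63951399f8cd578e2a6faed2c9c0f0 2024-12-03
415e171e5d836a5cdc86a433cac650c7 2024-12-03
510b7b359363eadc7910d721f04d80a8 2024-12-03
"""

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\d{4}-\d{2}-\d{2})$")


def load_iocs(text):
    """Parse 'md5 date' lines into {md5: date}; a malformed line is an error, not a silent skip."""
    iocs = {}
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line:
            continue
        match = MD5_LINE.match(line)
        if not match:
            raise ValueError(f"not an MD5 indicator line: {raw!r}")
        iocs[match.group(1)] = match.group(2)
    return iocs


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, iocs):
    """Return [(path, md5, indicator_date)] for every file under root whose MD5 is listed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # unreadable or vanished file: keep sweeping, do not abort
            if digest in iocs:
                hits.append((path, digest, iocs[digest]))
    return hits


def self_check():
    """Constructed run: a benign file matches nothing, then matches once its hash is planted."""
    iocs = load_iocs(IOC_TABLE)
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample file, not malware")
        before = sweep(root, iocs)
        planted = dict(iocs, **{md5_of(path): "constructed"})
        after = [(os.path.basename(p), d, when) for p, d, when in sweep(root, planted)]
    return before, after


if __name__ == "__main__":
    print(self_check())
```

MD5 matching only catches the exact samples that were reported; a re-packed or re-compiled payload has a different digest, so a clean sweep rules out nothing and should be paired with the configuration and audit-log review described under Mitigation Strategies.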

Exploits

Title  Software Link  Date
XiaomingX/cve-2024-0012-poc  https://github.com/XiaomingX/cve-2024-0012-poc  2024-11-22
Sachinart/CVE-2024-0012-POC  https://github.com/Sachinart/CVE-2024-0012-POC  2024-11-19
VegetableLasagne/CVE-2024-0012  https://github.com/VegetableLasagne/CVE-2024-0012  2024-11-21
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability  https://www.cisa.gov/search?g=CVE-2024-0012  2024-11-18
0xjessie21/CVE-2024-0012  https://github.com/0xjessie21/CVE-2024-0012  2024-11-30
dcollaoa/cve-2024-0012-gui-poc  https://github.com/dcollaoa/cve-2024-0012-gui-poc  2025-02-06
TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC  https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC  2024-12-11

News

ISC StormCast for Wednesday, November 20th, 2024
Dr. Johannes B. Ullrich, 2024-11-20 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Debugger Detection; PAN-OS Patches; VCenter Attacks; Veritas Vuln. Detecting the Presence of a Debugger in Linux: https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450 Palo Alto Patches: https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 VMware vCenter Server Attacks: https://support.broadcom.com

CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA, 2025-04-01 (us-cert.gov)
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability; CVE-2023-34192 Synacor Zimbra Collaboration Suite (https://www.cve.org/CVERecord?id=CVE-2023-34192) [...]

PANdora's Box: Vulnerabilities Found in NGFW
Chris Garland, 2025-03-01
Security appliances, such as firewalls, VPNs, and secure web gateways, are designed to protect organizations from cyber threats. However, these assets designed to protect enterprises are increasingly the target of attackers who exploit vulnerabilities in security appliances to gain access, evade security teams, and maintain persistence within target organizations. The issue is that security appliances, [...]

Chinese Spies Allegedly Engaged in Ransomware Operations
Trapti Rajput, 2025-02-23 (blogger.com)
Backed by the Chinese government, a cyber-espionage group has been observed engaging in ransomware-related activities as part of its intelligence

CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild
Guru Baran, 2025-02-19 (cybersecuritynews.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the company's firewall devices. With over 25 malicious IPs targeting unpatched systems globally, federal authorities and cybersecurity experts warn that attackers could chain this flaw [...]

Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability
Guru Baran, 2025-02-14 (cybersecuritynews.com)
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts targeting this vulnerability. The flaw allows unauthenticated attackers to bypass the authentication required by the PAN-OS management web interface and invoke certain PHP scripts. While this doesn't enable remote code [...]

RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
Ajit Jasrotia, 2025-02-13 (allhackernews.com)
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the [...]

Social Media

Urgent: Thousands of Palo Alto Networks Firewalls Compromised by Zero-Day Vulnerabilities From Megan Peters at {sitename} 👉 Read full article: https://t.co/1zjoTBDDhV #CVE-2024-0012 #CVE-2024-9474 #Cybersecurity #FirewallSecurity #firewalls #hacked https://t.co/aDZpuf5kQP

CVE-2024-0012 Authentication Bypass in the Management Web Interface of PAN-OS. Over 2,000 Palo Alto Networks devices have been compromised in an ongoing widespread attack. #vulnerable #CyberSecurity https://t.co/GbYgE8OqKM

Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks https://t.co/75KWJ0qifT A recent ransomware attack leveraging a vulnerability in Palo Alto Networks' PAN-OS firewall software (CVE-2024-0012) has raised significant concerns within the cybersecurity community. Th…

Chinese hackers Emperor Dragonfly shift from espionage to ransomware, targeting an Asian IT company with RA World ransomware. Vulnerabilities exploited include CVE-2024-0012. 🦠💻 #China #Ransomware #CyberEspionage link: https://t.co/oxwrPnOiPu https://t.co/pHdue7MVr5

Chinese APT Mustang Panda, known for espionage, is now using ransomware for financial gain. They breached a South Asian company via CVE-2024-0012, stole credentials, and demanded $2M in ransom. A troubling shift in cyber tactics. #CyberSecurity #APT #Ransomware https://t.co/WvMm7IiGks

Toshiba executable named "toshdpdb.exe" to sideload a malicious DLL named "toshdpapi.dll" has been seen exploiting Palo Alto Networks PAN-OS vulnerability (CVE-2024-0012). https://t.co/8tUI2dmCsO

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) - Help Net Security https://t.co/9S8GM7x304 "CVE-2025-0108 was discovered by Assetnote researchers after they decided to analyze the patches for CVE-2024-0012 and CVE-2024-9474…"

🚨 New Cyber Threat Alert! 🚨 Hackers exploited a PAN-OS vulnerability (CVE-2024-0012) to deploy RA World ransomware, targeting an Asian software company. This attack blurs the line between state-sponsored espionage & financial cybercrime. 🔴 Key Takeaways: Nation-state

🚨 New PAN-OS Vulnerability Exploited – RA World Ransomware Alert 🚨 Attackers are exploiting CVE-2024-0012 in Palo Alto Networks' PAN-OS, deploying RA World ransomware with PlugX malware linked to Chinese espionage tool sets! #CyberSecurity #PANOS #Ransomware #PlugX #CVE20240012

A critical vulnerability in Palo Alto Networks' PAN-OS firewall software (CVE-2024-0012) is being exploited to deploy the RA World ransomware. The cyberattack took place in late 2024 and targeted a mid-sized software and services company in South Asia. 🧉 https://t.co/m9RsuMvHnN

Affected Software

Configuration 1
Type  Vendor  Product
OS  Paloaltonetworks  pan-os

References

Reference  Link
Palo Alto Networks PSIRT advisory  https://security.paloaltonetworks.com/CVE-2024-0012
134C704F-9B21-4F2E-91B3-4A467353BCC0  https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
AF854A3A-2127-422B-91AE-364DA2661108  https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

CWE Details

CWE ID  CWE Name  Description
CWE-306  Missing Authentication for Critical Function  The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
