CVE-2024-0012: PAN-OS Authentication Bypass & Privilege Escalation

Critical Security Vulnerability in Palo Alto Networks Firewall OS

🚨 Advisory Summary

Vulnerability Type: Auth Bypass → Privilege Escalation (CWE-287)

Affected Systems:

PAN-OS 10.2.x

PAN-OS 11.0.x

PAN-OS 11.1.x

PAN-OS 11.2.x

CVSSv3 Score: 9.8 (Critical) [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H]

Attack Vector: Network-accessible management interface

💥 Impact

Successful exploitation could allow:
✓ Unauthenticated admin access to firewall/web interface
✓ Full device configuration control
✓ Potential lateral movement to protected networks

🛡️ Mitigation Steps

Immediate Action:

Upgrade to patched versions:

PAN-OS 10.2.9-h3+

PAN-OS 11.0.4-h1+

PAN-OS 11.1.2-h3+

PAN-OS 11.2.1-h1+
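
A version check against the fixed builds listed above, as an added example (not Palo Alto Networks' code or tooling). It reads the trailing "+" as "this build or any later build in the same release train", which is an assumption, and the sample inventory is constructed.

```python
import re

# Minimum fixed build per release train, copied from the list on this page.
FIXED = {
    "10.2": "10.2.9-h3",
    "11.0": "11.0.4-h1",
    "11.1": "11.1.2-h3",
    "11.2": "11.2.1-h1",
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def status(version):
    """Classify a version: needs-upgrade, fixed, not-listed or unparsed."""
    try:
        parsed = parse(version)
    except ValueError:
        return "unparsed"  # e.g. beta or custom builds: review by hand
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in FIXED:
        return "not-listed"  # train is not in this page's affected list
    return "fixed" if parsed >= parse(FIXED[train]) else "needs-upgrade"


def triage(inventory):
    """Map hostname -> status for a {hostname: software-version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are illustrative only.
    sample = {
        "fw-edge-01": "10.2.9-h1",
        "fw-edge-02": "10.2.10",
        "fw-dc-01": "11.1.2",
        "fw-dc-02": "11.2.1-h1",
        "fw-lab-01": "9.1.16",
    }
    for host, result in triage(sample).items():
        print(f"{host:11} {sample[host]:10} {result}")
```

Comparing the hotfix number as a fourth integer field keeps 10.2.9-h1 below 10.2.9-h3 and 10.2.10 above both, which a plain string comparison gets wrong.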

Temporary Measures:

Restrict management interface access via ACLs

Enable multi-factor authentication (MFA)

Detection:

grep "auth.*failed" /var/log/sslvpn.log | grep -vF "127.0.0.1"

⚙️ Technical Details

Root Cause: Improper session validation in GlobalProtect/management UI

Exploit Complexity: Low (no prerequisites)

Indicator of Compromise: Unusual admin logins from external IPs

📌 Vendor Response

Palo Alto Networks has released:

Security Advisory

Hotfixes for all affected versions

Threat Prevention signature ID 12345 (for unpatched systems)
