CVE-2024-9474

Severity CVSS v4.0:
MEDIUM
Type:
CWE-78 OS Command Injections
Publication date:
18/11/2024
Last modified:
20/12/2024

Description

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.<br /> <br /> Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 10.1.0 (including) 10.1.14 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 10.2.0 (including) 10.2.12 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 11.0.0 (including) 11.0.6 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 11.1.0 (including) 11.1.5 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 11.2.0 (including) 11.2.4 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*