CVE-2024-9474
Severity CVSS v4.0:
MEDIUM
Type:
CWE-78
OS Command Injections
Publication date:
18/11/2024
Last modified:
20/12/2024
Description
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.<br />
<br />
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | 10.1.0 (including) | 10.1.14 (excluding) |
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | 10.2.0 (including) | 10.2.12 (excluding) |
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | 11.0.0 (including) | 11.0.6 (excluding) |
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | 11.1.0 (including) | 11.1.5 (excluding) |
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | 11.2.0 (including) | 11.2.4 (excluding) |
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:* | ||
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page