Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in Palo Alto Networks PAN-OS Software
Alerts

Active Exploitation of Critical Vulnerability in Palo Alto Networks PAN-OS Software

20 November 2024

Palo Alto Networks has released security updates addressing a critical vulnerability (CVE-2024-0012) affecting Palo Alto Networks PAN-OS Software. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10 and is reportedly being actively exploited.

Successful exploitation of the authentication bypass vulnerability could allow an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with configurations, or exploit other vulnerabilities.

The critical vulnerability affects the following product versions:

  • PAN-OS 10.2 versions earlier than 10.2.12-h2

  • PAN-OS 11.0 versions earlier than 11.0.6-h1

  • PAN-OS 11.1 versions earlier than 11.1.5-h1

  • PAN-OS 11.2 versions earlier than 11.2.4-h1

Users and administrators of affected product versions are advised to update to the latest version immediately. Additionally, if not implemented yet, administrators should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the Internet.

More information is available here:

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

https://security.paloaltonetworks.com/CVE-2024-0012

Back to top