CVE-2024-9471

PAN-OS: Privilege Escalation (PE) Vulnerability in XML API

Description

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.

Remediation

Solution:

This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.

Workaround:

This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2024-9471	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-9471?: CVE-2024-9471 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9471?: To fix CVE-2024-9471: This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
Is CVE-2024-9471 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-9471 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9471?: CVE-2024-9471 affects Palo Alto Networks PAN-OS, Palo Alto Networks Cloud NGFW, Palo Alto Networks Prisma Access.

Description

Remediation

Category

CWE-269 – Improper Privilege Management

References

Frequently Asked Questions