CVE-2024-9474

Known Exploited Public Exploit
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Description

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Remediation

Solution:

  • This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions. In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases. * Additional PAN-OS 11.2 fixes: * ​​11.2.0-h1 * 11.2.1-h1 * 11.2.2-h2 * 11.2.3-h3 * 11.2.4-h1 * Additional PAN-OS 11.1 fixes: * 11.1.0-h4 * 11.1.1-h2 * 11.1.2-h15 * 11.1.3-h11 * 11.1.4-h7 * 11.1.5-h1 * Additional PAN-OS 11.0 fixes: * 11.0.0-h4 * 11.0.1-h5 * 11.0.2-h5 * 11.0.3-h13 * 11.0.4-h6 * 11.0.5-h2 * 11.0.6-h1 * Additional PAN-OS 10.2 fixes: * 10.2.0-h4 * 10.2.1-h3 * 10.2.2-h6 * 10.2.3-h14 * 10.2.4-h32 * 10.2.5-h9 * 10.2.6-h6 * 10.2.7-h18 * 10.2.8-h15 * 10.2.9-h16 * 10.2.10-h9 * 10.2.11-h6 * 10.2.12-h2 * Additional PAN-OS 10.1 fixes: * 10.1.9-h14 * 10.1.10-h9 * 10.1.11-h10 * 10.1.12-h3 * 10.1.13-h5 * 10.1.14-h6

Workaround:

  • Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet. Review information about how to secure management access to your Palo Alto Networks firewalls: * Palo Alto Networks LIVEcommunity article:  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices

Category

6.9
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
EPSS 94.32% Top 5%
KEV Since 
Vendor Advisory paloaltonetworks.com Vendor Advisory paloaltonetworks.com
Affected: Palo Alto Networks Cloud NGFW
Affected: Palo Alto Networks PAN-OS
Affected: Palo Alto Networks Prisma Access
Published at:
Updated at:

References

Link Tags
https://security.paloaltonetworks.com/CVE-2024-9474 vendor advisory
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ press/media coverage vendor advisory
https://github.com/k4nfr3/CVE-2024-9474 exploit
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ exploit third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-9474?
CVE-2024-9474 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9474?
To fix CVE-2024-9474: This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions. In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases. * Additional PAN-OS 11.2 fixes: * ​​11.2.0-h1 * 11.2.1-h1 * 11.2.2-h2 * 11.2.3-h3 * 11.2.4-h1 * Additional PAN-OS 11.1 fixes: * 11.1.0-h4 * 11.1.1-h2 * 11.1.2-h15 * 11.1.3-h11 * 11.1.4-h7 * 11.1.5-h1 * Additional PAN-OS 11.0 fixes: * 11.0.0-h4 * 11.0.1-h5 * 11.0.2-h5 * 11.0.3-h13 * 11.0.4-h6 * 11.0.5-h2 * 11.0.6-h1 * Additional PAN-OS 10.2 fixes: * 10.2.0-h4 * 10.2.1-h3 * 10.2.2-h6 * 10.2.3-h14 * 10.2.4-h32 * 10.2.5-h9 * 10.2.6-h6 * 10.2.7-h18 * 10.2.8-h15 * 10.2.9-h16 * 10.2.10-h9 * 10.2.11-h6 * 10.2.12-h2 * Additional PAN-OS 10.1 fixes: * 10.1.9-h14 * 10.1.10-h9 * 10.1.11-h10 * 10.1.12-h3 * 10.1.13-h5 * 10.1.14-h6
Is CVE-2024-9474 being actively exploited in the wild?
It is confirmed that CVE-2024-9474 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9474?
CVE-2024-9474 affects Palo Alto Networks Cloud NGFW, Palo Alto Networks PAN-OS, Palo Alto Networks Prisma Access.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.