PT-2024-8335 · Palo Alto Networks · Pan-Os
K4Nfr3 · Published 2024-10-03 · Updated 2026-01-28 · CVE-2024-9474
CVSS v3.1: 7.2 High (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks PAN-OS versions prior to 10.1.14
Palo Alto Networks PAN-OS versions prior to 10.2.12
Palo Alto Networks PAN-OS versions prior to 11.0.6
Palo Alto Networks PAN-OS versions prior to 11.1.5
Palo Alto Networks PAN-OS versions prior to 11.2.4
Description
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. The vulnerability has been exploited in real-world incidents, and a backdoor called LITTLELAMB.WOOLTEA has been discovered on compromised Palo Alto Networks devices. The backdoor gives attackers persistent access, which they can use to gather intelligence and conduct further attacks. It operates stealthily, uses encrypted communication, and can be spread through phishing campaigns or exploitation of vulnerabilities in peripheral network devices.
Recommendations
For Palo Alto Networks PAN-OS versions prior to 10.1.14, update to version 10.1.14 or later.
For Palo Alto Networks PAN-OS versions prior to 10.2.12, update to version 10.2.12 or later.
For Palo Alto Networks PAN-OS versions prior to 11.0.6, update to version 11.0.6 or later.
For Palo Alto Networks PAN-OS versions prior to 11.1.5, update to version 11.1.5 or later.
For Palo Alto Networks PAN-OS versions prior to 11.2.4, update to version 11.2.4 or later.
As a temporary workaround, consider restricting access to the management web interface to minimize the risk of exploitation.
Exploit · Fix · RCE · OS Command Injection
Affected Products
Pan-Os