CVE-2024-9471

Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified)

Description: The issue is related to insecure privilege management in the PAN-OS software. It allows a remote attacker to escalate their privileges. An authenticated administrator with restricted privileges can use a compromised XML API key to perform actions as a higher-privileged administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration, even though they should be limited to read-only operations.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.