PT-2024-8243 · Palo Alto Networks · Pan-Os

Sonny · Published 2024-10-03 · Updated 2026-05-31 · CVE-2024-0012

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS versions prior to 10.2.12
Palo Alto Networks PAN-OS versions prior to 11.0.6
Palo Alto Networks PAN-OS versions prior to 11.1.5
Palo Alto Networks PAN-OS versions prior to 11.2.4
Description

An authentication bypass in the PAN-OS management web interface allows an unauthenticated attacker with network access to that interface to obtain PAN-OS administrator privileges. With those privileges the attacker can perform administrative actions, tamper with the firewall configuration, or chain into other authenticated privilege-escalation vulnerabilities (for example CVE-2024-9474, which appears among the related identifiers below). The issue has been exploited in the wild; over 2,000 Palo Alto firewalls were reportedly compromised. The bypass is triggered by supplying a specific value in the X-PAN-AUTHCHECK HTTP request header, so the vulnerable component is reachable by anyone who can send HTTP requests to the management interface, and exposure is determined entirely by who can reach that interface.
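Because the advisory identifies the bypass with a single request header, the simplest retrospective check is to look for that header arriving from clients at all. The following is an added detection example written for this page; it is not code from the original advisory or from Palo Alto Networks. It assumes a reverse proxy or WAF in front of the management interface that logs each request with its headers as one JSON object per line (the log format, field names, sample requests and the 10.0.0.0/8 trusted range are all constructed for the example). The header rule fires on the presence of X-PAN-AUTHCHECK in any client request, whatever its value, on the assumption that a legitimate browser or API client never sets it; a second, lower-severity rule flags management-interface requests from outside the trusted networks, which is the condition the interim mitigation below is meant to eliminate.

```python
import ipaddress
import json
from typing import Dict, List, Tuple

# Networks from which management access is expected. This is an assumption
# for the example; substitute the trusted ranges used in your own mitigation.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: one JSON object per line, as a reverse proxy or WAF in
# front of the management interface might log a request with its headers.
# None of this is real PAN-OS log output.
SAMPLE_LOG = """\
{"src": "10.1.2.3", "method": "GET", "path": "/php/login.php", "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "203.0.113.5", "method": "POST", "path": "/php/login.php", "headers": {"X-PAN-AUTHCHECK": "off", "User-Agent": "curl/8.4.0"}}
{"src": "198.51.100.7", "method": "GET", "path": "/php/login.php", "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "10.1.2.9", "method": "GET", "path": "/index.php", "headers": {"x-pan-authcheck": "off"}}
"""

AUTHCHECK_RULE = "client-supplied X-PAN-AUTHCHECK header"
UNTRUSTED_RULE = "management interface reached from untrusted source"


def parse_records(text: str) -> List[Dict]:
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_record(rec: Dict, trusted_nets) -> List[Tuple[str, str]]:
    """Return (severity, rule) findings for one request record."""
    findings = []
    # Header names are case-insensitive, so normalise before matching. The
    # rule fires on presence alone: a client has no business setting this
    # header regardless of the value it carries.
    headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
    if "x-pan-authcheck" in headers:
        findings.append(("high", AUTHCHECK_RULE))
    # Any request from outside the trusted ranges violates the mitigation of
    # restricting management access to trusted internal addresses.
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in trusted_nets):
        findings.append(("medium", UNTRUSTED_RULE))
    return findings


def scan_log(text: str, trusted_nets=TRUSTED_MGMT_NETS) -> List[Tuple[str, str, str]]:
    """Scan JSON-lines log text; return one (src, severity, rule) per finding."""
    results = []
    for rec in parse_records(text):
        for severity, rule in check_record(rec, trusted_nets):
            results.append((rec["src"], severity, rule))
    return results


if __name__ == "__main__":
    for src, severity, rule in scan_log(SAMPLE_LOG):
        print(f"{severity:6} {src:15} {rule}")
```

Run against the constructed sample, the second record produces both findings (header present and untrusted source), the third only the untrusted-source finding, and the fourth shows that a lowercase header name is still caught. On a real deployment, a hit on the header rule from any source warrants treating the device as compromised and reviewing its configuration and audit logs, not just blocking the client.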
Recommendations

Palo Alto Networks PAN-OS versions prior to 10.2.12: upgrade to 10.2.12 or later.
Palo Alto Networks PAN-OS versions prior to 11.0.6: upgrade to 11.0.6 or later.
Palo Alto Networks PAN-OS versions prior to 11.1.5: upgrade to 11.1.5 or later; 11.1.4-h7 is also a fixed release on the 11.1 train.
Palo Alto Networks PAN-OS versions prior to 11.2.4: upgrade to 11.2.4 or later.

As an interim mitigation, restrict access to the management web interface to trusted internal IP addresses only and do not expose it to the internet. This limits who can reach the vulnerable component but does not remove the flaw, so the upgrade is still required.
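Comparing a running PAN-OS version against the fixed releases above is not a plain numeric comparison, because hotfix builds such as 11.1.4-h7 carry the fix while sorting below 11.1.5. The following version checker is an added example for this page, not code from the original advisory or from Palo Alto Networks. It encodes only the four fixed releases listed in the recommendations; it assumes that later maintenance releases on a listed train, and later hotfixes of a fixed maintenance release, also contain the fix, and it returns an explicit "unknown" for any train the advisory does not list rather than guessing.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, maintenance, hotfix)

# Fixed releases per train, taken from the recommendations above. The 11.1
# train has two entries because 11.1.4-h7 is fixed even though it sorts
# below 11.1.5.
FIXED_RELEASES = {
    (10, 2): [(10, 2, 12, 0)],
    (11, 0): [(11, 0, 6, 0)],
    (11, 1): [(11, 1, 5, 0), (11, 1, 4, 7)],
    (11, 2): [(11, 2, 4, 0)],
}

# PAN-OS version strings look like "11.1.4" or "11.1.4-h7".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.MAINT' or 'MAJOR.MINOR.MAINT-hN' into a tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_fixed(version: str) -> Optional[bool]:
    """True if the version carries the fix, False if it does not, None if the
    train is not among those this advisory lists (confirm with the vendor)."""
    v = parse_version(version)
    fixes = FIXED_RELEASES.get(v[:2])
    if fixes is None:
        return None
    for fix in fixes:
        # Assumption: a later maintenance release on the same train, or the
        # fixed maintenance release with the same or a later hotfix number,
        # contains the fix.
        if v[2] > fix[2] or (v[2] == fix[2] and v[3] >= fix[3]):
            return True
    return False


def assess(version: str) -> str:
    """Human-readable verdict for one version string."""
    state = is_fixed(version)
    if state is None:
        return f"{version}: train not listed in this advisory; verify with the vendor"
    return f"{version}: {'fixed' if state else 'VULNERABLE, upgrade'}"


if __name__ == "__main__":
    for v in ["10.2.11-h3", "10.2.12", "11.0.5", "11.1.4", "11.1.4-h7",
              "11.1.5", "11.2.4-h1", "10.1.14"]:
        print(assess(v))
```

The version string to feed in is the one the device itself reports (for example from the system information on the dashboard or the `show system info` CLI output); do not infer it from a management-page banner, which an attacker with administrator access could alter.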

Exploit · Fix

Weakness Enumeration

Missing Authentication
OS Command Injection

Related Identifiers

BDU:2024-09796
BDU:2024-09891
CVE-2024-0012
PANOS_CVE2024_0012
PANOS_CVE2024_9474

Affected Products

Pan-Os