November 19, 2024
Severity
High
Analysis Summary
CVE-2024-9474 CVSS:4.9
Palo Alto Networks PAN-OS could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an OS command injection error. An attacker could exploit this vulnerability to perform actions on the firewall with root privileges.
CVE-2024-0012 CVSS:9.8
Palo Alto Networks PAN-OS could allow a remote attacker to bypass security restrictions, caused by an authentication bypass error. An attacker could exploit this vulnerability to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
Impact
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-9474
- CVE-2024-0012
Affected Vendors
Affected Products
- Palo Alto Networks PAN-OS - 10.1.0
- Palo Alto Networks PAN-OS - 10.2.0
- Palo Alto Networks PAN-OS - 11.1.0
- Palo Alto Networks PAN-OS - 11.2.0
Remediation
Refer to Palo Alto Networks Security Advisories for patch, upgrade or suggested workaround information.