{
  "name": "November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]",
  "slug": "november-18-advisory-active-exploitation-of-critical-rce-in-palo-alto-networks-pan-os-cve-2024-0012-and-cve-2024-9474",
  "description": "Two critical vulnerabilities in Palo Alto Networks PAN-OS, CVE-2024-0012 and CVE-2024-9474, have been disclosed. CVE-2024-0012 is an authentication bypass allowing unauthenticated remote attackers to gain admin privileges, while CVE-2024-9474 is an authenticated privilege escalation bug. These can be chained for full system compromise. Active exploitation has been observed for CVE-2024-0012. Affected versions include PAN-OS 10.2, 11.0, 11.1, and 11.2. Patches are available, and organizations are urged to update immediately. Censys identified 13,324 publicly exposed NGFW management interfaces, with 34% in the US. Limiting public exposure of the management interface and upgrading to a patched release of PAN-OS 10.2 or later is recommended.",
  "published": "2024-11-18T18:19:17+00:00",
  "created_at": "2024-11-18T18:19:17+00:00",
  "modified_at": "2024-11-19T08:34:25+00:00",
  "created_at_opencti": "2024-11-18T18:19:17+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-18",
    "CVE-2024-0012",
    "CVE-2024-9474",
    "authentication bypass",
    "critical vulnerability",
    "pan-os",
    "privilege-escalation",
    "rce",
    "vpn"
  ],
  "related_entities": {
    "attack_patterns": [
      {
        "id": "beaa4978-0309-438b-a45e-ec566b643811",
        "name": "T1505.003"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://censys.com/cve-2024-0012/",
    "https://otx.alienvault.com/pulse/673b93354f07f3ac1cb95b15"
  ]
}