# Palo Alto Networks Issues Emergency Patch For Zero-Day Vulnerability

Palo Alto Networks has released patches for two critical zero-day vulnerabilities in its firewall systems. Both vulnerabilities have been actively exploited, threatening the security of many organizations that use the company's products.

### **Details about the vulnerability**

1. **Vulnerability CVE-2024-0012**

    * **Description**: This is an authentication bypass vulnerability in the web management interface of PAN-OS. An attacker can gain administrative access without authentication.
    * **Impact**: Allows a remote attacker to control the system without any user interaction.

2. **Vulnerability CVE-2024-9474**

    * **Description**: This vulnerability allows for privilege escalation, enabling malicious administrators to perform actions with root privileges on the system.
    * **Impact**: Increases the risk of insider attacks, especially from administrators with malicious intent.

### **Affected Versions**

* **CVE-2024-0012** affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 on PA-Series, VM-Series, CN-Series, and Panorama devices (both virtual and M-Series).
    
* **CVE-2024-9474** affects PAN-OS versions 10.1, 10.2, 11.0, 11.1, and 11.2 on similar devices.
    

### **Patched Versions**

* **PAN-OS 11.2**: Versions 11.2.4-h1 and above.
    
* **PAN-OS 11.1**: Versions 11.1.5-h1 and above.
    
* **PAN-OS 11.0**: Versions 11.0.6-h1 and above.
    
* **PAN-OS 10.2**: Versions 10.2.12-h2 and above.
    
* **PAN-OS 10.1**: Versions 10.1.14-h6 and above.
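
To triage a fleet against the lists above, the following added example (not Palo Alto Networks code) compares each device's PAN-OS version with the first fixed release of its train. It assumes versions follow the `major.minor.maintenance[-hN]` form and that "and above" applies within the same train; the inventory is constructed, and the vendor advisories remain authoritative for builds not listed on this page.

```python
import re

# First fixed release per PAN-OS train, from the "Patched Versions" list above.
FIXED = {
    "11.2": "11.2.4-h1",
    "11.1": "11.1.5-h1",
    "11.0": "11.0.6-h1",
    "10.2": "10.2.12-h2",
    "10.1": "10.1.14-h6",
}
# Trains listed as affected by each CVE under "Affected Versions".
AFFECTED = {
    "CVE-2024-0012": {"10.2", "11.0", "11.1", "11.2"},
    "CVE-2024-9474": {"10.1", "10.2", "11.0", "11.1", "11.2"},
}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """'10.2.12-h2' -> (10, 2, 12, 2); a release without a hotfix gets hotfix 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def exposure(version):
    """Return the sorted CVE IDs that the page's lists imply are unpatched."""
    v = parse(version)
    train = f"{v[0]}.{v[1]}"
    fixed = FIXED.get(train)
    if fixed is None:
        return []  # train not covered by this page; consult the vendor advisory
    if v >= parse(fixed):
        return []  # at or above the first fixed release of its train
    return sorted(cve for cve, trains in AFFECTED.items() if train in trains)

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = {"fw-edge-01": "10.2.12-h1", "fw-dc-02": "11.1.5-h1",
             "panorama-01": "10.1.14", "fw-lab-03": "11.2.5"}

def report(inventory):
    """Map each host that still needs an upgrade to its outstanding CVEs."""
    findings = {host: exposure(ver) for host, ver in inventory.items()}
    return {host: cves for host, cves in findings.items() if cves}

if __name__ == "__main__":
    for host, cves in report(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} needs upgrade ({', '.join(cves)})")
```

The hotfix number matters in the comparison: `10.2.12-h1` is still below the fixed `10.2.12-h2` even though the maintenance release matches.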
    

### **Palo Alto Networks' Response**

Palo Alto Networks quickly released patches to fix these vulnerabilities. The company also advised customers to limit access to the firewall management interfaces to reduce the risk of attacks.

### **Recommendations**

* **Update immediately**: Users should apply the latest patches from Palo Alto Networks to protect their systems.
    
* **Check configuration**: Ensure that management interfaces are not exposed to the Internet or other untrusted networks.
    
* **Continuous monitoring**: Implement continuous monitoring to quickly detect any unusual activity that may indicate exploitation of these vulnerabilities.
    

### **References**

1. [Palo Alto Networks patches two firewall zero-days used in attacks](https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/)
    
2. [CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface](https://security.paloaltonetworks.com/CVE-2024-9474)
    
3. [CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)](https://security.paloaltonetworks.com/CVE-2024-0012)
    
4. [PoC for CVE-2024-0012](https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012)
