Skip to main content
All vulnerabilities
CVE-2024-0012 Known ransomware use

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Palo Alto NetworksPAN-OS

Added to KEV catalog
18 November 2024
Federal remediation due date
9 December 2024
Weakness classification (CWE)
CWE-306

CISA Description

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.

Notes

https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services