CVE-2024-9471

Published: Oct 9, 2024

Modified: Oct 18, 2024

PUBLISHED

Description

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.

Vendor	Product	Versions
Palo Alto Networks	PAN-OS	unaffected `11.1.0` affected `11.0.0 - < 11.0.3` affected `10.1.0 - < 10.1.11` affected `10.2.0 - < 10.2.8` affected `9.1` +1 more versions
Palo Alto Networks	Cloud NGFW	unaffected `All`
Palo Alto Networks	Prisma Access	unaffected `All`

Weaknesses (CWE)

CWE-269

References

https://security.paloaltonetworks.com/CVE-2024-9471

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-9471

Description

Affected Products

Weaknesses (CWE)

References