CVE-2024-9474β€”Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

PUBLISHEDvulnerability record
2024-11-18 Β· last modified October 29, 2025

Metadata

CVE ID:
CVE-2024-9474
Project:
Palo Alto Networks
Product:
PAN-OS
Date Added:
2024-11-18
Due Date:
2024-12-09
Last Updated:
October 29, 2025

Vulnerability Name

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Description

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

Additional Notes

Related News Articles

Related Weaknesses