CVE-2024-9474Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

PUBLISHEDvulnerability record
2024-11-18 · last modified October 29, 2025

Metadata

CVE ID:
CVE-2024-9474
项目:
Palo Alto Networks
产品:
PAN-OS
添加日期:
2024-11-18
到期日:
2024-12-09
最后更新:
October 29, 2025

漏洞名称

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

描述

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

已知用于勒索软件活动吗?

勒索软件状态:
KNOWN

采集行动

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.

其他说明

相关新闻文章

相关 CWE