Privilege Escalation (PE) via PAN-OS XML API
CVE-2024-9471 Published on October 9, 2024
PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
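The description above comes down to which principal an authorization check uses: the administrator the API key was issued to, or the administrator actually presenting it. The following is an added illustration of that weakness class and is not PAN-OS code or anything taken from the Palo Alto Networks advisory; the role names, the admin and key tables, the action names and the `Request` shape are all assumptions made for the model. The vulnerable check derives privileges from the key's owner, so a read-only admin holding a compromised key gets the owner's write rights; the fixed check binds a key to the actor it was issued to and bounds every action by that actor's own role.

```python
from dataclasses import dataclass

# Hypothetical role identifiers, modelled after the two roles named in the description.
ROLE_VSYS_ADMIN = "vsys-admin"                # "Virtual system administrator"
ROLE_VSYS_READ_ONLY = "vsys-admin-read-only"  # "Virtual system administrator (read-only)"

READ_ACTIONS = {"show", "get"}
WRITE_ACTIONS = {"set", "edit", "delete", "commit"}

# Constructed sample data: admin accounts with their roles, and API keys, each issued to one admin.
ADMINS = {"alice": ROLE_VSYS_ADMIN, "bob": ROLE_VSYS_READ_ONLY}
API_KEYS = {"k-alice-01": "alice", "k-bob-01": "bob"}


@dataclass(frozen=True)
class Request:
    actor: str     # the authenticated administrator sending the request
    api_key: str   # the API key presented with the request
    action: str    # one of READ_ACTIONS or WRITE_ACTIONS


def role_allows(role, action):
    """Static role-to-action policy: read-only admins may read, full admins may read and write."""
    if action in READ_ACTIONS:
        return role in (ROLE_VSYS_ADMIN, ROLE_VSYS_READ_ONLY)
    if action in WRITE_ACTIONS:
        return role == ROLE_VSYS_ADMIN
    return False


def authorize_vulnerable(req):
    """Improper privilege management: rights come from whoever the key was issued to.

    A compromised key therefore carries its owner's privileges regardless of who presents it.
    """
    owner = API_KEYS.get(req.api_key)
    if owner is None:
        return False
    return role_allows(ADMINS[owner], req.action)


def authorize_fixed(req):
    """A key is valid only for the actor it was issued to, and the actor's own role bounds the action."""
    owner = API_KEYS.get(req.api_key)
    if owner is None or owner != req.actor:
        return False
    return role_allows(ADMINS[req.actor], req.action)


if __name__ == "__main__":
    # bob (read-only) presents alice's key and attempts a write.
    stolen = Request(actor="bob", api_key="k-alice-01", action="set")
    print("vulnerable:", authorize_vulnerable(stolen))  # key owner's role wins
    print("fixed:     ", authorize_fixed(stolen))       # key is not bob's, denied
```

The point of `authorize_fixed` is the ordering: establish who the actor is first, reject a key that was not issued to that actor, and only then consult the role table. Checking the key's owner before the actor is what opens the gap.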
Timeline
- October 9, 2024: initial publication.
Weakness Type
Improper Privilege Management (CWE-269)
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. In this CVE the actions permitted are determined by the privileges of the administrator the XML API key belongs to, not by those of the restricted administrator actually presenting it.
Products Associated with CVE-2024-9471
Affected Versions
Palo Alto Networks PAN-OS:
- 11.1: unaffected.
- 11.0: versions from 11.0.0 up to, but not including, 11.0.3 are affected.
- 10.2: versions from 10.2.0 up to, but not including, 10.2.8 are affected.
- 10.1: versions from 10.1.0 up to, but not including, 10.1.11 are affected.
- 9.1: all versions are affected.
- 9.0: all versions are affected.
Two further product entries in the original listing show all versions as unaffected; the product names were not preserved on this page.
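To apply the ranges above to a fleet, the version string has to be parsed rather than compared as text (so that 10.2.7-h3 sorts below 10.2.8 and 10.1.9 sorts below 10.1.11). The following is an added example written for this page, not a tool from Palo Alto Networks or stack.watch; the ranges are exactly those listed above, the `-hN` hotfix syntax is assumed from common PAN-OS version strings, and the inventory at the bottom is constructed sample data. Since the page lists fixes only at the patch level, any hotfix of an affected patch level is still reported as affected, and trains the page does not list are treated as unaffected, as it treats 11.1.

```python
import re

# Affected PAN-OS trains as listed on this page.
# Each entry: ((major, minor), first affected patch, first fixed patch or None when the whole train is affected)
AFFECTED_RANGES = [
    ((11, 0), 0, 3),    # 11.0.0 up to, not including, 11.0.3
    ((10, 2), 0, 8),    # 10.2.0 up to, not including, 10.2.8
    ((10, 1), 0, 11),   # 10.1.0 up to, not including, 10.1.11
    ((9, 1), 0, None),  # all of 9.1
    ((9, 0), 0, None),  # all of 9.0
]

# "major.minor.patch" with an optional "-hN" hotfix suffix (assumed syntax, e.g. "10.2.7-h3").
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Parse a PAN-OS version string into a (major, minor, patch, hotfix) tuple that compares numerically."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(text):
    """True when the version lies inside one of the affected ranges above.

    Hotfix numbers are parsed but do not change the result, because the page
    lists fixed releases at patch level only. Unlisted trains return False.
    """
    major, minor, patch, _hotfix = parse_version(text)
    for train, first_affected, first_fixed in AFFECTED_RANGES:
        if (major, minor) != train:
            continue
        if patch < first_affected:
            return False
        return first_fixed is None or patch < first_fixed
    return False


def triage(inventory):
    """Map device name -> True/False for a {name: version} inventory; unparsable versions map to None."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = is_affected(version)
        except ValueError:
            result[name] = None
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {
        "fw-edge-1": "10.2.7-h3",
        "fw-edge-2": "10.2.8",
        "fw-dc-1": "11.0.2",
        "fw-lab": "11.1.2",
        "fw-old": "9.1.17",
        "fw-bad": "n/a",
    }
    labels = {True: "AFFECTED", False: "not affected", None: "unparsed"}
    for name, flag in triage(sample).items():
        print(f"{name}: {labels[flag]}")
```

Reporting unparsable strings as `None` rather than silently treating them as unaffected keeps a malformed inventory entry from hiding a vulnerable device.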
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how that score compares with all other scored vulnerabilities.