PatchSiren cyber security CVE debrief

CVE-2024-0012 Palo Alto Networks CVE debrief

CVE-2024-0012 is a Palo Alto Networks PAN-OS management interface authentication bypass vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. CISA also marks the vulnerability as having known ransomware campaign use, so organizations should treat exposed or remotely reachable management interfaces as an urgent risk and follow vendor mitigation guidance immediately.

Vendor: Palo Alto Networks
Product: PAN-OS
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2024-11-18
Original CVE updated: 2024-11-18
Advisory published: 2024-11-18
Advisory updated: 2024-11-18

Who should care

Palo Alto Networks PAN-OS administrators, network security teams, and incident responders responsible for devices with management interfaces that may be reachable from untrusted networks.

Technical summary

The available source material identifies the issue as an authentication bypass affecting the PAN-OS management interface. CISA’s KEV entry instructs affected organizations to apply mitigations per vendor instructions or discontinue use if mitigations are unavailable, and specifically warns that the management interface of affected devices should not be exposed to untrusted networks, including the internet.

Defensive priority

Urgent

Recommended defensive actions

  • Apply mitigations according to Palo Alto Networks guidance referenced by CISA.
  • If mitigations are unavailable, discontinue use of the affected product per CISA guidance.
  • Ensure PAN-OS management interfaces are not exposed to untrusted networks, including the internet.
  • Review which devices are affected and confirm management-plane access restrictions are in place.
  • Monitor the official CVE, NVD, and CISA KEV entries for updated guidance.
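As an added illustration, not part of the PatchSiren debrief or any Palo Alto Networks tooling, the following Python script shows how the actions above can be turned into a repeatable triage step: it reads a KEV-style record for this CVE, matches it against a device inventory, and ranks each affected device by whether its management interface is reachable from an untrusted network and whether CISA flags known ransomware use. The KEV field names follow CISA's public JSON feed; the record values are copied from this debrief, while the inventory, the host names and the set of "untrusted" network labels are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample: one record in the shape of CISA's KEV JSON feed.
# Field names follow the public feed; values are taken from this debrief.
KEV_JSON = """{"vulnerabilities": [{
  "cveID": "CVE-2024-0012",
  "vendorProject": "Palo Alto Networks",
  "product": "PAN-OS",
  "vulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability",
  "dateAdded": "2024-11-18",
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "dueDate": "2024-12-09",
  "knownRansomwareCampaignUse": "Known"
}]}"""

# Constructed (hypothetical) asset inventory: each entry records which
# network the device's management interface is reachable from.
INVENTORY = [
    {"host": "fw-edge-1", "product": "PAN-OS", "mgmt_reachable_from": "internet"},
    {"host": "fw-dc-2", "product": "PAN-OS", "mgmt_reachable_from": "dedicated-mgmt-vlan"},
    {"host": "sw-core-1", "product": "OtherOS", "mgmt_reachable_from": "internet"},
]

# Assumption: these network labels count as untrusted for the management plane.
UNTRUSTED = {"internet", "guest", "partner"}

def kev_index(kev_json):
    """Map cveID -> KEV record for quick lookup."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}

def triage(kev_json, inventory, cve_id, today_iso):
    """Return per-device findings for one KEV CVE, highest priority first."""
    rec = kev_index(kev_json)[cve_id]
    due = date.fromisoformat(rec["dueDate"])
    today = date.fromisoformat(today_iso)
    ransomware = rec["knownRansomwareCampaignUse"] == "Known"
    findings = []
    for dev in inventory:
        if dev["product"] != rec["product"]:
            continue  # not the affected product; skip
        exposed = dev["mgmt_reachable_from"] in UNTRUSTED
        # Exposed management plane is urgent; otherwise ransomware use raises priority.
        priority = "urgent" if exposed else ("high" if ransomware else "medium")
        findings.append({"host": dev["host"], "cve": cve_id, "priority": priority,
                         "mgmt_exposed": exposed, "days_to_due": (due - today).days,
                         "action": rec["requiredAction"]})
    order = {"urgent": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: order[f["priority"]])

if __name__ == "__main__":
    for f in triage(KEV_JSON, INVENTORY, "CVE-2024-0012", "2024-11-20"):
        print(f)
```

Devices whose management interface is reachable from an untrusted label sort first, and `days_to_due` counts down to the CISA remediation date so the output can feed a ticketing or reporting step.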

Evidence notes

CISA added CVE-2024-0012 to the Known Exploited Vulnerabilities catalog on 2024-11-18 and set a due date of 2024-12-09. The KEV metadata identifies the issue as a Palo Alto Networks PAN-OS management interface authentication bypass vulnerability and marks known ransomware campaign use as 'Known'. CISA’s required-action note says to apply vendor mitigations or discontinue use if mitigations are unavailable, and to keep management interfaces off untrusted networks.

Official resources

CISA published this vulnerability in its KEV catalog on 2024-11-18, with remediation due by 2024-12-09.