CVE-2024-9474
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
| CWE | CWE-78 |
| Vendor | palo alto networks |
| Product | cloud ngfw |
| Published | Nov 18, 2024 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for palo alto networks cloud ngfw
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-9474.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Palo Alto Networks / Cloud NGFW
All versions affected Palo Alto Networks / PAN-OS
11.2.0 < 11.2.4-h1 11.1.0 < 11.1.5-h1 11.0.0 < 11.0.6-h1 10.2.0 < 10.2.12-h2 10.1.0 < 10.1.14-h6
Palo Alto Networks / Prisma Access
All versions affected References
security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2024-9474 labs.watchtowr.com: https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ github.com: https://github.com/k4nfr3/CVE-2024-9474 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474 unit42.paloaltonetworks.com: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
Credits
Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.