CISA has added three more vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
CVE-2024-0012: PAN-OS Authentication Bypass
CVE-2024-0012 is a critical authentication bypass in the management web interface of Palo Alto Networks' PAN-OS. An unauthenticated attacker with network access to that interface can gain PAN-OS administrator privileges, perform administrative actions and tamper with the configuration. This issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2.
PAN-OS is a proprietary operating system developed by Palo Alto Networks that runs all of Palo Alto’s Next-Generation Firewalls. The software integrates several key technologies to enhance network security and management capabilities. One of the functionalities of PAN-OS is its web-based management interface. It is here that the vulnerability lies.
The risk of exploitation is greatest if the management interface is reachable from the internet by untrusted IP addresses, either directly or indirectly (for example through a dataplane interface that also permits management access). If the interface is only exposed to trusted internal IP addresses, the risk is greatly reduced. The severity rating given to this vulnerability is 9.3 (Critical) and the suggested urgency is “Highest”, meaning it should be checked and fixed immediately.
As far as mitigations go, Palo Alto Networks has recommended its best-practice deployment guidelines, the core of which is restricting access to the management interface to trusted internal IP addresses only; followed properly, this greatly reduces the risk of exploitation even before the patch is applied.
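The quickest win from that guidance is to audit which source addresses each firewall's management interface actually permits. The following is an added example, not code from Palo Alto Networks or from the original article: it takes a hypothetical, constructed inventory of per-device permitted-IP lists (the device names, ranges and the `TRUSTED_RANGES` allowlist are all assumptions for illustration) and flags any device whose allowlist is empty, permits any source, or includes a range outside the organisation's trusted space.

```python
import ipaddress

# Trusted internal ranges for this hypothetical organisation (assumed, RFC 1918).
TRUSTED_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample inventory: device name -> permitted source addresses for
# the management interface. Not exported from any real firewall.
SAMPLE_PERMITTED_IPS = {
    "fw-edge-01": ["10.20.0.0/24", "192.168.100.5"],   # restricted to internal ranges
    "fw-dc-02": ["0.0.0.0/0"],                          # effectively unrestricted
    "fw-branch-03": ["10.20.0.0/24", "203.0.113.0/24"], # one external range slipped in
    "fw-lab-04": [],                                    # no restriction configured
}


def is_trusted(entry):
    """True if `entry` (an address or CIDR) lies entirely inside a trusted range."""
    net = ipaddress.ip_network(entry, strict=False)
    return any(
        net.subnet_of(trusted)
        for trusted in TRUSTED_RANGES
        if trusted.version == net.version
    )


def exposure_findings(permitted):
    """Return (device, reason) pairs for management allowlists that would let
    untrusted sources reach the interface. Devices with no findings are fine."""
    findings = []
    for device, entries in permitted.items():
        if not entries:
            findings.append((device, "no permitted-IP restriction configured"))
            continue
        for entry in entries:
            net = ipaddress.ip_network(entry, strict=False)
            if net.prefixlen == 0:
                findings.append((device, f"{entry} permits any source address"))
            elif not is_trusted(entry):
                findings.append((device, f"{entry} is outside the trusted ranges"))
    return findings


if __name__ == "__main__":
    for device, reason in exposure_findings(SAMPLE_PERMITTED_IPS):
        print(f"{device}: {reason}")
```

Run against the sample it reports fw-dc-02, fw-branch-03 and fw-lab-04 and stays silent on fw-edge-01. Feed it the real permitted-IP lists from your own devices; anything it reports is a firewall whose management plane is a candidate for the exposure the advisory warns about.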
CVE-2024-9474: PAN-OS Command Injection
CVE-2024-9474 is a second vulnerability in the PAN-OS management web interface, this time a privilege escalation: a user who already holds administrator access to the interface can perform actions on the firewall with root privileges.
The vulnerability stems from improper handling of certain special characters that are used in OS commands, allowing for command injection to take place.
On its own this vulnerability is far less severe, since it requires an already-authenticated administrator, and it carries a severity rating of only 4.0; chained with something like CVE-2024-0012, however, it becomes serious.
A typical attack chain looks like this: the attacker first uses the authentication bypass, CVE-2024-0012, to obtain administrator access to the management interface without credentials. They then exploit CVE-2024-9474 to escalate from administrator to root and run arbitrary commands on the firewall.
The vulnerability affects PAN-OS versions 10.1, 10.2, 11.0, 11.1, and 11.2 and can be mitigated in the same manner as the aforementioned CVE-2024-0012.
CVE-2024-1212: Progress Kemp LoadMaster OS Command Injection
CVE-2024-1212 is a critical command injection vulnerability found in the Progress Kemp LoadMaster load balancer’s management interface. This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands with potentially devastating consequences.
The flaw arises from improper handling of user input in the LoadMaster’s administrator web interface. Attackers can exploit it by sending specially crafted HTTP requests, which are processed without adequate validation, allowing them to inject and execute commands on the underlying system. The severity of this vulnerability is rated 10.0 on the CVSS scale, the maximum possible score.
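Both CVE-2024-9474 and CVE-2024-1212 are described above as the same class of bug: user-supplied text, containing shell special characters, reaches an OS command without validation. The following is an added illustration of that bug class and its fix, not code from Palo Alto Networks, Progress or the original article, and it does not reproduce either product's actual vulnerable code path. It uses `echo` as a stand-in for whatever diagnostic tool a management interface might invoke, and `MALICIOUS_HOST` is a constructed attacker input. It shows the string-concatenation pattern that lets a `;` start a second command, then two hardened forms: passing an argv list with no shell, and, where a shell is unavoidable, quoting with `shlex.quote`, with an allowlist check on the input in front of both.

```python
import re
import subprocess
import shlex

# Constructed attacker input: a hostname followed by a shell metacharacter and
# a second command. A real exploit would run far worse than echo.
MALICIOUS_HOST = "example.com; echo INJECTED"


def run_vulnerable(host):
    """Vulnerable pattern: the command is built by string formatting and handed
    to a shell, so ';', '|', '$(...)' and friends in `host` become shell syntax."""
    cmd = f"echo resolving {host}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


# Allowlist for a DNS hostname: labels of letters, digits and hyphens joined by dots.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


def validate_hostname(host):
    """Reject anything that is not a plausible hostname before it reaches a command."""
    if len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return host


def run_hardened(host):
    """Hardened pattern: validate against the allowlist, then pass an argv list
    with shell=False, so the input is always exactly one argument."""
    host = validate_hostname(host)
    proc = subprocess.run(["echo", "resolving", host], capture_output=True, text=True)
    return proc.stdout


def run_quoted(host):
    """If a shell really is required, shlex.quote turns the whole input into a
    single quoted word. Shown without the allowlist to isolate quoting's effect;
    in practice combine it with validate_hostname."""
    cmd = f"echo resolving {shlex.quote(host)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def hardened_rejects(host):
    """True if the hardened path refuses `host` outright."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(MALICIOUS_HOST)))
    print("quoted:    ", repr(run_quoted(MALICIOUS_HOST)))
    print("hardened rejects malicious input:", hardened_rejects(MALICIOUS_HOST))
    print("hardened:  ", repr(run_hardened("example.com")))
```

The vulnerable call prints two lines, the second being the output of the injected command; the quoted call prints one line containing the literal `;` text; the hardened call never runs at all for the malicious input. The argv form is the primary fix because it removes the shell from the picture entirely; the allowlist is defence in depth so that a bad value is rejected even if some downstream component does interpret it.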
CVE-2024-1212 affects multiple versions of the Kemp LoadMaster, and the vendor has released patches to address this issue. Users are strongly advised to upgrade to the latest version of the LoadMaster software to mitigate this vulnerability effectively.
These three vulnerabilities form CISA’s latest additions to its KEV catalog. Stay tuned for more updates!