Yesterday CISA announced the addition of three vulnerabilities to their Known Exploited Vulnerabilities (KEV) catalog. Two of those vulnerabilities were for the Palo Alto Networks PAN-OS Management Interface. Both vulnerabilities were previously reported by Palo Alto Networks (see links below). CISA is requiring federal agencies using the Management Interface to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable”. The deadline for completing such actions is December 9th, 2024.
The two vulnerabilities are:
• Missing authentication for critical function - CVE-2024-0012, and
• OS command injection - CVE-2024-9474