CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 9, 2024

CVE-2024-9474

High

EPSS 94.2%CISA KEVRansomware

Description

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

EPSS — Exploit Probability

94.2%

Higher than 99.9% of all CVEs

Required Action

https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.2%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Nov 18, 2024

Added to KEV

Nov 18, 2024

Remediation Due

Dec 9, 2024

Affected Product

Palo Alto Networks

PAN-OS

View all Palo Alto Networks CVEs

External Links

NVD (NIST)CVE Details MITRE CVE