CVE-2024-9474: Palo Alto Networks PAN-OS Management Interface OS Command
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability. Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
- CISA KEV-listed (remediation due 2024-12-09)
- used in ransomware campaigns
- EPSS 94.2% (99.9th percentile)