fkie_nvd - fkie_cve-2024-9471

fkie_cve-2024-9471

Vulnerability from fkie_nvd

Published

2024-10-09 17:15

Modified

2024-10-15 16:55

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.

References

▼	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2024-9471	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1802D72-F84C-4C30-87EE-2A7DD68A1B41",
              "versionEndExcluding": "10.0.0",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C",
              "versionEndExcluding": "10.1.11",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430BDF9-C688-47F9-BE38-D75460AE5B17",
              "versionEndExcluding": "10.2.8",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B9B8A6-A4A7-4C14-9D22-50FEF531F15D",
              "versionEndExcluding": "11.0.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalada de privilegios (PE) en la API XML del software PAN-OS de Palo Alto Networks permite que un administrador de PAN-OS autenticado con privilegios restringidos utilice una clave API XML comprometida para realizar acciones como administrador de PAN-OS con privilegios superiores. Por ejemplo, un administrador con acceso de \"Administrador de sistema virtual (solo lectura)\" podr\u00eda utilizar una clave API XML de un \"Administrador de sistema virtual\" para realizar operaciones de escritura en la configuraci\u00f3n del sistema virtual, aunque deber\u00edan estar limitadas a operaciones de solo lectura."
    }
  ],
  "id": "CVE-2024-9471",
  "lastModified": "2024-10-15T16:55:45.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "automatable": "NO",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "GREEN",
          "recovery": "AUTOMATIC",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "DIFFUSE",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Green",
          "version": "4.0",
          "vulnerabilityResponseEffort": "LOW",
          "vulnerableSystemAvailability": "LOW",
          "vulnerableSystemConfidentiality": "LOW",
          "vulnerableSystemIntegrity": "LOW"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-09T17:15:21.090",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2024-9471

Vulnerability from cvelistv5

Published

2024-10-09 17:06

Modified

2024-10-18 11:58

Severity ?

5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Summary

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2024-9471	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Palo Alto Networks

PAN-OS

Version: 11.0.0   < 11.0.3
Version: 10.1.0   < 10.1.11
Version: 10.2.0   < 10.2.8
Version: 9.1
Version: 9.0
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:9.0:-:*:*:*:*:*:*

	Palo Alto Networks	Cloud NGFW
	Palo Alto Networks	Prisma Access

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.0.3",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.11",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.8",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "9.1"
              },
              {
                "status": "affected",
                "version": "9.0"
              },
              {
                "status": "unaffected",
                "version": "11.1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T20:28:43.911070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T20:33:15.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:9.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "11.1.0"
            },
            {
              "changes": [
                {
                  "at": "11.0.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.3",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.11",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "9.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\u003cbr\u003e\u003cbr\u003eYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"
            }
          ],
          "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks an external reporter for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."
            }
          ],
          "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T11:58:13.115Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions."
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-217511",
          "PAN-152631"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in XML API",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices\u003c/a\u003e."
            }
          ],
          "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at  https://docs.paloaltonetworks.com/best-practices ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9471",
    "datePublished": "2024-10-09T17:06:41.456Z",
    "dateReserved": "2024-10-03T11:35:17.822Z",
    "dateUpdated": "2024-10-18T11:58:13.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted