Palo Alto Networks Expedition - Remote Code Execution (CVE-2024-0012, CVE-2)

Palo Alto Networks PAN-OS versions beetween 10.2 and 11.02 are vulnerable to CVE-2024-0012 and CVE-2024-9474, an authentication bypass and a command injection vulnerability. The root cause is the exposure of the criticial authentication function for untrusted networks, which allows a remote unauthenticated attacker to bypass the authentication mechanism.

帕洛阿尔托网络公司的 PAN-OS 版本在 10.2 至 11.02 之间存在安全漏洞，具体为 CVE-2024-0012 和 CVE-2024-9474，涉及身份验证绕过和命令注入缺陷。其根本原因在于对未信任网络暴露了关键的认证功能，使得远程未经验证的攻击者得以绕过认证机制。