FKIE_CVE-2024-9471
Vulnerability from fkie_nvd - Published: 2024-10-09 17:15 - Updated: 2026-06-17 08:24
Severity
Summary
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@paloaltonetworks.com | https://security.paloaltonetworks.com/CVE-2024-9471 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * |
{
"affected": [
{
"affectedData": [
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:9.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.1.0"
},
{
"changes": [
{
"at": "11.0.3",
"status": "unaffected"
}
],
"lessThan": "11.0.3",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.11",
"status": "unaffected"
}
],
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.8",
"status": "unaffected"
}
],
"lessThan": "10.2.8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"source": "psirt@paloaltonetworks.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pan-os",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "11.0.3",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.2.8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "unaffected",
"version": "11.1.0"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1802D72-F84C-4C30-87EE-2A7DD68A1B41",
"versionEndExcluding": "10.0.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C",
"versionEndExcluding": "10.1.11",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C430BDF9-C688-47F9-BE38-D75460AE5B17",
"versionEndExcluding": "10.2.8",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B9B8A6-A4A7-4C14-9D22-50FEF531F15D",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios (PE) en la API XML del software PAN-OS de Palo Alto Networks permite que un administrador de PAN-OS autenticado con privilegios restringidos utilice una clave API XML comprometida para realizar acciones como administrador de PAN-OS con privilegios superiores. Por ejemplo, un administrador con acceso de \"Administrador de sistema virtual (solo lectura)\" podr\u00eda utilizar una clave API XML de un \"Administrador de sistema virtual\" para realizar operaciones de escritura en la configuraci\u00f3n del sistema virtual, aunque deber\u00edan estar limitadas a operaciones de solo lectura."
}
],
"id": "CVE-2024-9471",
"lastModified": "2026-06-17T08:24:38.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-9471",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:28:43.911070Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-10-09T17:15:21.090",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9471"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…