{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9471", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-10-03T11:35:17.822Z", "datePublished": "2024-10-09T17:06:41.456Z", "dateUpdated": "2024-10-18T11:58:13.115Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "11.1.0"}, {"changes": [{"at": "11.0.3", "status": "unaffected"}], "lessThan": "11.0.3", "status": "affected", "version": "11.0.0", "versionType": "custom"}, {"changes": [{"at": "10.1.11", "status": "unaffected"}], "lessThan": "10.1.11", "status": "affected", "version": "10.1.0", "versionType": "custom"}, {"changes": [{"at": "10.2.8", "status": "unaffected"}], "lessThan": "10.2.8", "status": "affected", "version": "10.2.0", "versionType": "custom"}, {"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}]}, {"defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "All"}]}, {"defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "All"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.<br><br>You can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"}], "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."}], "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:58:13.115Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-9471"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions."}], "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions."}], "source": {"defect": ["PAN-217511", "PAN-152631"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in XML API", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a>."}], "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices ."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.0.0", "status": "affected", "lessThan": "11.0.3", "versionType": "custom"}, {"version": "10.1.0", "status": "affected", "lessThan": "10.1.11", "versionType": "custom"}, {"version": "10.2.0", "status": "affected", "lessThan": "10.2.8", "versionType": "custom"}, {"version": "9.1", "status": "affected"}, {"version": "9.0", "status": "affected"}, {"version": "11.1.0", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T20:28:43.911070Z", "id": "CVE-2024-9471", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:33:15.742Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T20:28:43.911070Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "11.0.0", "lessThan": "11.0.3", "versionType": "custom"}, {"status": "affected", "version": "10.1.0", "lessThan": "10.1.11", "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.8", "versionType": "custom"}, {"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}, {"status": "unaffected", "version": "11.1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:32:59.563Z"}}], "cna": {"title": "PAN-OS: Privilege Escalation (PE) Vulnerability in XML API", "source": {"defect": ["PAN-217511", "PAN-152631"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.1, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "unaffected", "version": "11.1.0"}, {"status": "affected", "changes": [{"at": "11.0.3", "status": "unaffected"}], "version": "11.0.0", "lessThan": "11.0.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.1.11", "status": "unaffected"}], "version": "10.1.0", "lessThan": "10.1.11", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.8", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.8", "versionType": "custom"}, {"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-9471", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .", "supportingMedia": [{"type": "text/html", "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a>.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.", "supportingMedia": [{"type": "text/html", "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access", "supportingMedia": [{"type": "text/html", "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.<br><br>You can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access", "base64": false}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:58:13.115Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9471", "state": "PUBLISHED", "dateUpdated": "2024-10-18T11:58:13.115Z", "dateReserved": "2024-10-03T11:35:17.822Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-10-09T17:06:41.456Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1802D72-F84C-4C30-87EE-2A7DD68A1B41", "versionEndExcluding": "10.0.0", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C", "versionEndExcluding": "10.1.11", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C430BDF9-C688-47F9-BE38-D75460AE5B17", "versionEndExcluding": "10.2.8", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6B9B8A6-A4A7-4C14-9D22-50FEF531F15D", "versionEndExcluding": "11.0.3", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios (PE) en la API XML del software PAN-OS de Palo Alto Networks permite que un administrador de PAN-OS autenticado con privilegios restringidos utilice una clave API XML comprometida para realizar acciones como administrador de PAN-OS con privilegios superiores. Por ejemplo, un administrador con acceso de \"Administrador de sistema virtual (solo lectura)\" podr\u00eda utilizar una clave API XML de un \"Administrador de sistema virtual\" para realizar operaciones de escritura en la configuraci\u00f3n del sistema virtual, aunque deber\u00edan estar limitadas a operaciones de solo lectura."}], "id": "CVE-2024-9471", "lastModified": "2024-10-15T16:55:45.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "recovery": "AUTOMATIC", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Green", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-10-09T17:15:21.090", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-9471"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}