### [CVE-2024-9474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9474)
![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Prisma%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=11.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=11.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=11.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)

### Description

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.Cloud NGFW and Prisma Access are not impacted by this vulnerability.

### POC

#### Reference
- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

#### Github
- https://github.com/12442RF/POC
- https://github.com/Chocapikk/CVE-2024-9474
- https://github.com/DMW11525708/wiki
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Linxloop/fork_POC
- https://github.com/Mattb709/HELLCAT-Practical-Initial-Access-Guide-for-Red-Teams
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Regent8SH/PanOsExploitMultitool
- https://github.com/Sachinart/CVE-2024-0012-POC
- https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC
- https://github.com/XiaomingX/awesome-security-research
- https://github.com/XiaomingX/cve-2024-0012-poc
- https://github.com/adysec/POC
- https://github.com/aratane/CVE-2024-9474
- https://github.com/coskper-papa/PAN-OS_CVE-2024-9474
- https://github.com/dcollaoa/cve-2024-0012-gui-poc
- https://github.com/deathvu/CVE-2024-9474
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/greaselovely/CVE-2024-0012
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/iemotion/POC
- https://github.com/k4nfr3/CVE-2024-9474
- https://github.com/laoa1573/wy876
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/packetinside/CISA_BOT
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tanjiti/sec_profile
- https://github.com/tylzars/awesome-vrre-writeups
- https://github.com/ums91/CISA_BOT
- https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012
- https://github.com/wy876/POC
- https://github.com/wy876/wiki