CVE-2024-9474

ENISA EUVD: EUVD-2024-50354 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 9 articles Published: 2024-11-18
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
94.22%
probability
This CVE has a 94.22% probability of being exploited in the next 30 days.
0% Top 99.9th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)
6.9
MEDIUM
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
Vulnerable System Confidentiality Impact
None
Vulnerable System Integrity Impact
High
Vulnerable System Availability Impact
None
Subsequent System Confidentiality Impact
None
Subsequent System Integrity Impact
None
Subsequent System Availability Impact
None
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CVSS v3.1

Source: NVD
7.2
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Affected Products

Palo Alto Networks
Cloud NGFW
All
Palo Alto Networks
PAN-OS
11.2.0 11.1.0 11.0.0 10.2.0 10.1.0
Palo Alto Networks
Prisma Access
All

Exploits & PoC

Chocapikk/CVE-2024-9474

PAN-OS auth bypass + RCE

46 2024-11-19
k4nfr3/CVE-2024-9474
9 2024-11-22
coskper-papa/PAN-OS_CVE-2024-9474

Palo Alto Networks PAN-OS(CVE-2024-9474) POC

2 2024-12-11
aratane/CVE-2024-9474

Palo Alto RCE Vuln

1 2025-01-16
deathvu/CVE-2024-9474

PoC for PAN-OS Exploit

0 2024-11-20
5 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
85%
EPSS 94.22%
CVSS v4.0 6.9
CVSS v3.1 7.2
Mentions 9
Last Seen Dec 13, 2025

CNA Information

CNA Assigner
palo_alto
CNA Title
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Analyst Note

CVE-2024-9474 is explicitly named as a zero-day in Palo Alto Networks' November 2024 patch advisory and BleepingComputer/CERT-EU sources. Multiple articles confirm active exploitation in the wild coinciding with patch availability (article [1] explicitly states 'patches two firewall zero-days used in attacks' and article [3] references 'recently patched bugs' being exploited). The November 2024 publication date and immediate exploitation reports confirm zero-day status.

Threat Actors 11

Cobalt
apt_group Financial crime 🇷🇺 RU
Cron
apt_group 🇷🇺 RU
CHRYSENE
apt_group Information theft and espionage 🇮🇷 IR
Infy
apt_group Information theft and espionage 🇮🇷 IR
HomeLand Justice
apt_group Sabotage and destruction 🇮🇷 IR
Void Manticore
apt_group Sabotage and destruction 🇮🇷 IR
Tortoiseshell
apt_group Information theft and espionage 🇮🇷 IR
Shadow Network
apt_group Information theft and espionage 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN
Velvet Ant
apt_group Information theft and espionage 🇨🇳 CN
Lurk
apt_group Financial crime 🇷🇺 RU

Triage Info

Decided atMar 05, 2026
Published DateNov 18, 2024