
The U.S. CISA added the following vulnerabilities to its Known Exploited Vulnerabilities catalog:
CVE-2024-1212, with a CVSS score of 10 and CWE-78, is a Progress Kemp LoadMaster OS command injection issue that unauthenticated remote attackers can exploit to execute arbitrary system commands, posing significant security risks.
CVE-2024-0012, with a CVSS score of 9.3 and CWE-306, is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain administrator privileges. The issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 but does not impact Cloud NGFW or Prisma Access.
CVE-2024-9474, with a CVSS score of 6.9 and CWE-78, is a privilege escalation vulnerability in Palo Alto Networks PAN-OS software that allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
CISA orders federal agencies to fix this vulnerability by December 5, 2024.


