Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os CVE-2024-0012 CVE-2024-9474

Name: Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os CVE-2024-0012 CVE-2024-9474
Rating: 5 (173 reviews)

2025-02-06 | CVSS 5.9

## https://sploitus.com/exploit?id=EB9A4863-511A-565C-B464-A0BE48B43275
# CVE-2024-0012 and CVE-2024-9474  
Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) and Authenticated Command Injection in Palo Alto PAN-OS.  
See the [blog post](http://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474) for technical details.  

## Exploit authors  
- Original exploit written by **Sonny** of [watchTowr (@watchtowrcyber)](https://twitter.com/watchtowrcyber).  
- Code and GUI implementation and additional refinements by Diego Collao.