Vulnerability Awareness – Palo Alto Networks Emphasizes Hardening Guidance Following Claim of RCE (Updated 11/19/2024)

November 19, 2024

Palo Alto Networks has released security updates for two actively exploited zero-day vulnerabilities. The first, tracked as CVE-2024-0012, is an authentication bypass vulnerability found in PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without authenticating. The second, CVE-2024-9474, is a PAN-OS privilege escalation flaw that allows malicious PAN-OS administrators to perform on the firewall with root privileges. Palo Alto Networks noted, “the risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses.”

These highly anticipated updates came after Palo Alto Networks observed active exploitation of these vulnerabilities over the weekend, at which time they also shared Indicators of Compromise. CISA has also added both vulnerabilities to its Known Exploited Vulnerabilities database. For workarounds, mitigations, and additional information visit Palo Alto Networks.

Affected versions: PAN-OS 10.2, PAN-OS 11.1, PAN-OS 11.2.

Additional Resource:

• Palo Alto Networks patches two firewall zero-days used in attacks | Bleeping Computer
• Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek | Security Week

November 14, 2024

Palo Alto Networks (PAN) has released an urgent informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface. See this CISA alert issued yesterday.

Network administrators should review the following for more information and follow PAN’s guidance for hardening network devices:

• PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured
• Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device