Customers of Palo Alto Networks confront another vulnerability, this time actively exploited and without a fix yet.
Cybersecurity company Palo Alto Networks has disclosed two vulnerabilities in the management web interface of its PAN-OS operating system. CVE-2024-0012, an authentication bypass, carries a CVSS score of 9.3 (critical); CVE-2024-9474, a privilege escalation, carries a score of 6.9 (medium).
Chained together, the two bugs allow an unauthenticated remote attack: the authentication bypass grants an attacker with network access to the management interface administrator privileges without credentials, and the second flaw, described as command injection, lets that administrator run commands on the firewall with root privileges. The company is tracking the initial exploitation of CVE-2024-0012 as Operation Lunar Peek.
Palo Alto Networks has not specified the exact number of devices affected, but has stated that a "very small number" of PAN-OS devices are deployed with management web interfaces exposed to the internet or other untrusted networks. The company has also reported a decrease in the number of exposed PAN-OS management interfaces, which suggests that customers have been restricting access to them.
To protect firewalls against these exploited zero-day vulnerabilities, Palo Alto Networks recommends several steps. Customers are advised to apply official security patches or updates immediately once fixes are released. Regularly monitoring Palo Alto Networks security advisories and alerts for the latest guidance is also crucial.
Other recommended measures include restricting access to the management interface to trusted internal IP addresses, network segmentation, logging and monitoring of management-plane activity, disabling unnecessary services or features, and keeping PAN-OS up to date.
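The two checks a practitioner would want to run against that guidance are whether the firewall's management interface is actually limited to trusted source ranges, and whether any administrator logins have come from outside those ranges. The script below is an added example and is not Palo Alto Networks' code; it assumes a PAN-OS configuration export keeps the device-wide permitted-IP list under `devices/entry/deviceconfig/system/permitted-ip` (an assumption about the XPath), and the config XML and login records it evaluates are constructed samples, not data from a real device.

```python
"""
Audit whether a PAN-OS firewall restricts management-web-interface access to
trusted networks, and flag administrator logins from outside those networks.

Added example, not Palo Alto Networks' code. Assumptions: the config export
stores the device-wide permitted-IP list at
devices/entry/deviceconfig/system/permitted-ip (XPath is an assumption), and
the login records below are a constructed, simplified format.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of a PAN-OS running-config export (not from a real device).
# It permits one internal /24 and one routable /24 to reach the management interface.
SAMPLE_CONFIG = """<config version="11.0.0">
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <system>
          <hostname>fw-edge-01</hostname>
          <permitted-ip>
            <entry name="10.20.0.0/24"/>
            <entry name="203.0.113.0/24"/>
          </permitted-ip>
        </system>
      </deviceconfig>
    </entry>
  </devices>
</config>
"""

# Ranges the organisation considers trusted management networks (assumed policy).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def permitted_ips(config_xml):
    """Return the CIDRs in the device-wide permitted-ip list; an empty list means unrestricted."""
    root = ET.fromstring(config_xml)
    entries = root.findall("./devices/entry/deviceconfig/system/permitted-ip/entry")
    return [ipaddress.ip_network(e.get("name"), strict=False) for e in entries]


def audit_management_exposure(config_xml, trusted=TRUSTED_NETS):
    """Return findings as strings; an empty list means access is limited to trusted ranges."""
    findings = []
    allowed = permitted_ips(config_xml)
    if not allowed:
        findings.append("permitted-ip list is empty: management interface accepts any source")
        return findings
    for net in allowed:
        # A permitted range counts as trusted only if it sits inside one of the trusted nets.
        inside = any(net.subnet_of(t) for t in trusted if net.version == t.version)
        if not inside:
            findings.append(f"permitted-ip {net} is outside the trusted management ranges")
    return findings


# Constructed administrator-login records: (source_ip, admin, result). Not real log lines.
SAMPLE_LOGINS = [
    ("10.20.0.15", "admin", "success"),
    ("198.51.100.77", "admin", "success"),
    ("10.20.0.15", "ops", "failed"),
]


def logins_outside_allowlist(logins, config_xml):
    """Return login records whose source address is not covered by the permitted-ip list."""
    allowed = permitted_ips(config_xml)
    return [rec for rec in logins
            if not any(ipaddress.ip_address(rec[0]) in net for net in allowed)]


if __name__ == "__main__":
    for finding in audit_management_exposure(SAMPLE_CONFIG):
        print("FINDING:", finding)
    for src, user, result in logins_outside_allowlist(SAMPLE_LOGINS, SAMPLE_CONFIG):
        print(f"REVIEW: login by {user} from {src} ({result}) outside permitted-ip list")
```

A login from an address that the permitted-ip list should have blocked is worth investigating on its own: it either means the list was changed, or the record predates the restriction.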
Because the authentication bypass yields administrator access, it also lets attackers exploit authenticated privilege escalation vulnerabilities such as CVE-2024-9474. Observed post-exploitation activity includes interactive command execution and dropping malware, such as webshells, on the firewall.
The Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog. Indicators of compromise were added to the advisory on Friday. Palo Alto Networks initially published a security advisory about an unconfirmed vulnerability on Nov. 8, and confirmed observed threat activity targeting it on Thursday.
Palo Alto Networks is working with impacted customers to address the issues. Steven Thai, senior manager of global crisis communications and reputation management at Palo Alto Networks, has urged all organizations to immediately determine whether their firewalls are at risk and apply the security patches.
Because these vulnerabilities were exploited as zero-days, prompt patching once fixes are available, combined with removing the management interface from untrusted networks in the meantime, is essential to maintaining firewall security and network integrity. Organizations are advised to follow Palo Alto Networks' recommendations to protect their systems.
- Palo Alto Networks has identified two vulnerabilities, CVE-2024-0012 (critical authentication bypass) and CVE-2024-9474 (medium-severity privilege escalation), in the PAN-OS management web interface; chained together they allow unauthenticated remote command execution on the firewall.
- To protect firewalls against these zero-day vulnerabilities, Palo Alto Networks advises immediate application of security patches or updates, regular monitoring of security advisories and alerts, implementing strict access controls and network segmentation, enabling vigilant logging and monitoring, following best practices like disabling unnecessary services or features, and keeping PAN-OS up to date.
- The authentication bypass also lets attackers exploit authenticated privilege escalation vulnerabilities, and observed post-exploitation activity includes interactive command execution and dropping malware such as webshells on the firewall.
- The Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its known exploited vulnerabilities catalog, emphasizing the urgency for prompt patching and proactive defensive measures to maintain firewall security and network integrity.