Ethical Hacking News
Palo Alto Networks has confirmed that a zero-day vulnerability in the PAN-OS firewall management interface is being actively exploited in the wild. To reduce exposure, customers should restrict access to the management interface to trusted internal IP addresses only.
A newly disclosed zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface is under active exploitation: attackers are deploying web shells on compromised devices to gain persistent remote access. Palo Alto Networks had previously warned customers of a potential remote code execution flaw in the interface and has now confirmed that it is being exploited. The attacks target firewalls whose management interface is reachable from the internet. Separately, the US Cybersecurity and Infrastructure Security Agency (CISA) has added two Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities catalog. Palo Alto Networks recommends restricting management interface access to internal IPs only to reduce the risk of exploitation.
Palo Alto Networks has disclosed a zero-day vulnerability in the PAN-OS firewall management interface and confirmed that threat actors are exploiting this critical flaw to deploy web shells on compromised devices.
In recent weeks, Palo Alto Networks had warned customers about a potential remote code execution vulnerability (CVSSv4.0 base score 9.3) in the PAN-OS management interface and advised them to limit access to the next-generation firewall management interface because of the flaw's severity. Only now has the company confirmed that the vulnerability is being actively exploited as a zero-day.
The attackers are targeting firewalls whose management interface is exposed to the internet, and are deploying web shells on the devices they compromise. A web shell gives them persistent remote access to the firewall, which can lead to further intrusion into the network behind it and to data theft.
According to reports, the malicious activity has been observed from a limited number of IP addresses associated with VPN services. The company has cautioned that these addresses are also used by legitimate users, so traffic from them should not be treated as malicious on its own; defenders should look at what the traffic does rather than block on source address alone.
To reduce the risk, Palo Alto Networks recommends that customers restrict access to the management interface to specific trusted internal IP addresses only. This greatly reduces the likelihood of exploitation, because an attacker would first need privileged access to a host on one of those networks; with access restricted, the CVSS score drops to 7.5 (High). This is a mitigation rather than a fix, so customers should still apply the vendor's updates once they are available, but it is an essential step in protecting against these attacks.
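The recommendation above can be checked rather than just followed. The script below is an added example, not code from the article or from Palo Alto Networks: it audits a PAN-OS management-interface allow list and renders the CLI lines that would tighten it. It assumes the current permitted-ip entries have already been extracted as plain CIDR strings, and the trusted management subnets (a hypothetical admin VLAN and out-of-band range) are constructed for the example. The CLI syntax `set deviceconfig system permitted-ip <cidr>` is the PAN-OS command for the dedicated MGT port; data-plane interfaces that expose management through an interface management profile are configured separately and are not covered here.

```python
"""Audit a PAN-OS management-interface allow list (added example).

Assumptions, not from the article: the permitted-ip list is supplied as
plain CIDR strings (parsed out of `show deviceconfig system permitted-ip`
or the XML config), and the trusted management networks are known.
"""
import ipaddress
from typing import Iterable

# Constructed for the example: subnets an organisation trusts for management.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("10.10.50.0/24"),     # hypothetical admin VLAN / jump hosts
    ipaddress.ip_network("192.168.100.8/29"),  # hypothetical out-of-band mgmt range
]


def audit_permitted_ips(permitted: Iterable[str],
                        trusted=TRUSTED_MGMT_NETS) -> list[str]:
    """Return findings for the allow list; an empty result means it is tight.

    PAN-OS treats an empty permitted-ip list as "allow from any source", so
    that case is the most severe finding, ahead of any individual entry.
    """
    entries = [e.strip() for e in permitted if e.strip()]
    if not entries:
        return ["CRITICAL: permitted-ip list is empty; management interface "
                "accepts connections from any source"]
    findings = []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"ERROR: unparsable entry {raw!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"CRITICAL: {raw} allows the entire address space")
        elif not net.is_private:
            findings.append(f"HIGH: {raw} is a public range; management "
                            "interface reachable from the internet")
        elif not any(net.subnet_of(t) for t in trusted if t.version == net.version):
            findings.append(f"MEDIUM: {raw} is private but outside the "
                            "trusted management networks")
    return findings


def pan_os_permitted_ip_commands(trusted=TRUSTED_MGMT_NETS) -> list[str]:
    """Render PAN-OS CLI lines that replace the allow list with `trusted`.

    Syntax per the PAN-OS CLI: `set deviceconfig system permitted-ip <cidr>`.
    The existing list is cleared first so stale or overly broad entries do
    not survive the change. Review before committing on a production device.
    """
    lines = ["configure", "delete deviceconfig system permitted-ip"]
    for net in trusted:
        lines.append(f"set deviceconfig system permitted-ip {net.with_prefixlen}")
    lines.append("commit")
    return lines


if __name__ == "__main__":
    # Constructed sample: one good entry, one wide-open entry, one public range.
    sample = ["10.10.50.0/24", "0.0.0.0/0", "1.2.3.0/24"]
    for finding in audit_permitted_ips(sample):
        print(finding)
    print("\n".join(pan_os_permitted_ip_commands()))
```

Run it against the entries pulled from each firewall; any finding other than an empty list means the management plane is still reachable from somewhere the article's mitigation says it should not be. Tightening the allow list does not remove the vulnerability, so the vendor's fix still has to be applied when it ships.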
Separately, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-9463 (Palo Alto Networks Expedition OS Command Injection Vulnerability) and CVE-2024-9465 (Palo Alto Networks Expedition SQL Injection Vulnerability). These affect the Expedition migration tool, not the PAN-OS management interface discussed above, but the agency has emphasized that they too should be addressed promptly because they are being exploited.
This latest vulnerability is another reminder that the management plane of a security appliance is itself a high-value target. Keeping it off the internet, tracking newly disclosed vulnerabilities, and applying vendor fixes as soon as they ship remain the basic defences.
As threat actors continue to exploit zero-days like this one, organizations running PAN-OS should confirm now that their management interface is reachable only from trusted internal addresses, and review their devices for signs of compromise such as unexpected web shells.
Related Information:
https://securityaffairs.com/171057/hacking/palo-alto-networks-zero-day-exploitation.html
https://nvd.nist.gov/vuln/detail/CVE-2024-9463
https://www.cvedetails.com/cve/CVE-2024-9463/
https://nvd.nist.gov/vuln/detail/CVE-2024-9465
https://www.cvedetails.com/cve/CVE-2024-9465/
Published: Sat Nov 16 13:08:03 2024 by llama3.2 3B Q4_K_M