Ethical Hacking News
Palo Alto Networks has patched two critical firewall-busting zero-days that have been used in conjunction with each other to gain superuser access, highlighting the need for customers to take urgent action to protect their networks.
Palo Alto Networks has released critical patches for two zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its firewall appliances. The first vulnerability is an authentication bypass bug with a critical severity rating of 9.3, while the second is a privilege escalation bug with a medium severity rating of 6.9. Customers are advised to upgrade to patched maintenance versions of PAN-OS immediately. A limited number of earlier iterations are vulnerable, and threat activity targeting device management web interfaces has been identified. The risk of exploitation was reduced if customers revoked public internet access to the management interface. Researchers believe the vulnerabilities are being used in conjunction with each other to gain superuser access. As of November 18, 6,605 exposed devices were running PAN-OS, with the largest number of exposures in Asia and North America.
Palo Alto Networks has released critical patches for two firewall-busting zero-day vulnerabilities that have been actively exploited by attackers. The vulnerabilities, tracked as CVE-2024-0012 and CVE-2024-9474, are rated critical and medium severity respectively. The first vulnerability, CVE-2024-0012, is an authentication bypass bug that allows attackers to gain unauthorized access to the management interface of Palo Alto Networks appliances. This vulnerability has a 9.3 (critical) severity rating, making it one of the most severe vulnerabilities discovered in recent times.
The second vulnerability, CVE-2024-9474, is a privilege escalation bug that also affects the PAN-OS management interface. While not as severe as the first vulnerability, this bug still allows attackers to gain admin access and perform actions as root. The severity rating for this vulnerability is 6.9 (medium), which indicates a moderate level of risk.
According to Palo Alto Networks, both advisories detail specific versions that are deemed safe, as well as a limited number of earlier iterations that are more commonly deployed. Customers are encouraged to upgrade to one of the many patched maintenance versions of PAN-OS with the highest degree of urgency.
It's worth noting that Palo Alto Networks has identified threat activity targeting a limited number of device management web interfaces, primarily originating from IP addresses known to proxy/tunnel traffic for anonymous VPN services. The organization is still actively investigating and remediating this activity.
The risk of the exploit working was greatly reduced if customers took certain steps at the end of last week, such as revoking public internet access to the management interface if they had not already done so, and ensuring only trusted internal IPs could access it.
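One way to check that mitigation, as an added example that is not from Palo Alto Networks or the original article: the script audits a management-interface allowlist for entries that admit non-internal sources, then flags observed source IPs that no internal entry covers. The allowlist, the source IPs, the function names and the definition of "internal" (RFC 1918 plus IPv6 unique-local) are assumptions made for illustration.

```python
import ipaddress

# Assumption: "trusted internal" means RFC 1918 and IPv6 unique-local space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_internal(net):
    """True if the network sits entirely inside one internal range."""
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def parse(entry):
    """Parse an address or CIDR; return None when it is neither."""
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None

def audit_allowlist(entries):
    """Return (entry, reason) for each entry that admits non-internal sources."""
    if not entries:
        return [("<empty>", "no source restriction configured")]
    findings = []
    for entry in entries:
        net = parse(entry)
        if net is None:
            findings.append((entry, "not a valid address or CIDR"))
        elif net.prefixlen == 0:
            findings.append((entry, "matches every source address"))
        elif not is_internal(net):
            findings.append((entry, "outside internal address space"))
    return findings

def untrusted_sources(source_ips, entries):
    """Return observed source IPs not covered by any internal allowlist entry."""
    nets = [parse(e) for e in entries]
    trusted = [n for n in nets if n and n.prefixlen != 0 and is_internal(n)]
    return [ip for ip in source_ips
            if not any(ipaddress.ip_address(ip) in t for t in trusted)]

# Constructed sample data; documentation ranges stand in for internet hosts.
ALLOWLIST = ["10.20.0.0/24", "192.168.5.7", "0.0.0.0/0", "203.0.113.0/24", "mgmt-vlan"]
SOURCES = ["10.20.0.15", "198.51.100.23", "192.168.5.7", "203.0.113.9"]

if __name__ == "__main__":
    for entry, reason in audit_allowlist(ALLOWLIST):
        print(f"REVIEW {entry}: {reason}")
    print("untrusted sources:", untrusted_sources(SOURCES, ALLOWLIST))
```

The explicit range list is used instead of `ipaddress`'s `is_private` because that property also covers loopback, link-local and documentation ranges, which would hide the constructed "internet" sources above.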
Researchers have also been analyzing the vulnerabilities, with watchTowr suggesting that the two bugs are being used in conjunction with each other to gain superuser access. This is a pattern that researchers have seen before with Palo Alto appliances, where attackers chain together multiple vulnerabilities to achieve their goals.
As of November 18, the number of exposed devices running PAN-OS stood at 6,605, with the largest number of exposures being in Asia, closely followed by North America. The Shadowserver Foundation has been tracking this data and provides a detailed breakdown of the affected devices.
In conclusion, Palo Alto Networks has released critical patches for two firewall-busting zero-day vulnerabilities that have been actively exploited by attackers. These vulnerabilities highlight the importance of keeping software up to date and being vigilant in monitoring network activity.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/19/palo_alto_networks_patches/
https://nvd.nist.gov/vuln/detail/CVE-2024-0012
https://www.cvedetails.com/cve/CVE-2024-0012/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
Published: Tue Nov 19 12:44:10 2024 by llama3.2 3B Q4_K_M