Ethical Hacking News
Palo Alto Networks has issued critical security updates to address two actively exploited zero-day vulnerabilities in its PAN-OS management web interface. The patches aim to mitigate the risk of remote attackers exploiting these flaws to gain unauthorized access to firewall systems.
Palo Alto Networks has released security updates to address two actively exploited zero-day vulnerabilities in its PAN-OS management web interface. The vulnerabilities, CVE-2024-0012 and CVE-2024-9474, are an authentication bypass vulnerability and a privilege escalation vulnerability, respectively. These flaws were discovered after observing threat activity exploiting them against a limited number of management web interfaces exposed to internet traffic. Only a "very small number" of firewalls are impacted by these vulnerabilities, but over 8,700 PAN-OS management interfaces have been found exposed online. The US cybersecurity agency has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch their systems within three weeks.
Palo Alto Networks, a leading provider of next-generation firewalls, has announced the release of security updates to address two actively exploited zero-day vulnerabilities in its PAN-OS management web interface. The patches, which are now available for download, aim to mitigate the risk of remote attackers exploiting these flaws to gain unauthorized access to firewall systems.
The first vulnerability, tracked as CVE-2024-0012, is an authentication bypass vulnerability in the PAN-OS management web interface. An attacker can, without authentication or user interaction, bypass the usual security checks and gain administrator privileges on a PAN-OS device. According to Palo Alto Networks, this flaw was discovered after observing threat activity exploiting the vulnerability against a limited number of management web interfaces exposed to internet traffic.
The second vulnerability, tracked as CVE-2024-9474, is a privilege escalation vulnerability that allows malicious administrators to perform actions on the firewall with root privileges. While it is not immediately clear how attackers exploited this vulnerability in the wild, Palo Alto Networks has warned customers about a potential remote code execution (RCE) flaw, tagged last Friday as CVE-2024-0012.
According to Palo Alto Networks, these zero-days impact only a "very small number" of firewalls; however, threat monitoring platform Shadowserver reported on Friday that it's tracking over 8,700 exposed PAN-OS management interfaces. Macnica threat researcher Yutaka Sejiyama also found over 11,000 IP addresses running Palo Alto PAN-OS management interfaces exposed online using Shodan.
The U.S. cybersecurity agency added the CVE-2024-0012 and CVE-2024-9474 vulnerabilities to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch their systems within three weeks, by December 9. This is in addition to CISA's warning of ongoing attacks exploiting a critical missing authentication vulnerability (CVE-2024-5910) in the Palo Alto Networks Expedition firewall configuration migration tool, which was patched in July.
In early November, CISA warned of ongoing attacks exploiting this flaw, stating that these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. This highlights the importance of proactive security measures and timely patching of known vulnerabilities by organizations.
In light of this development, it is crucial for network administrators to take immediate action to update their PAN-OS devices with the latest security patches. Organizations that fail to do so may be leaving their firewall systems open to attackers who can easily exploit these zero-days.
This incident also serves as a reminder that the increasing sophistication of cyber attacks demands robust security strategies and frequent updates of security software and configurations to stay ahead of emerging threats.
In conclusion, the latest vulnerability patches from Palo Alto Networks demonstrate the urgent need for proactive security measures to protect enterprise networks against sophisticated cyber threats. By prioritizing timely patching and staying informed about emerging vulnerabilities, organizations can significantly reduce their risk of falling victim to these zero-days.
Related Information:
https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-0012
https://www.cvedetails.com/cve/CVE-2024-0012/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
https://nvd.nist.gov/vuln/detail/CVE-2024-5910
https://www.cvedetails.com/cve/CVE-2024-5910/
Published: Mon Nov 18 16:35:14 2024 by llama3.2 3B Q4_K_M