Two recently discovered zero-day vulnerabilities in Palo Alto Networks (PAN) firewalls have led to widespread compromises.
Key Vulnerabilities:
1. CVE-2024-0012: Authentication bypass allowing remote administrator access
2. CVE-2024-9474: Privilege escalation enabling root-level command execution
Current Impact:
– Over 2,700 PAN-OS devices identified as vulnerable
– Approximately 2,000 firewalls already compromised
– Attacks primarily originating from anonymous VPN services
Official Response:
– CISA has listed both vulnerabilities in its Known Exploited Vulnerabilities Catalog
– Federal agencies must patch by December 9, 2024
– Palo Alto Networks is actively investigating the incidents
Critical Recommendations:
Palo Alto Networks strongly advises customers to:
– Immediately restrict management interface access to trusted internal IP addresses
– Follow recommended best practice deployment guidelines
– Apply available security patches promptly
Context:
This incident follows earlier 2024 security issues, including CVE-2024-5910 and CVE-2024-3400, highlighting the ongoing importance of firewall security maintenance and prompt vulnerability management.
The situation remains active with high potential for increased threat activity due to publicly available exploit chains.