CRITICAL: Hackers Actively Weaponizing PAN-OS Firewall Zero-Day – Patch Now Available

Palo Alto Networks Security Alert: Critical Vulnerabilities and Patches

Key Points:

– Two critical vulnerabilities have been discovered in Palo Alto Networks’ PAN-OS firewall management interface

– Active exploitation detected in the wild

– Patches now available

Vulnerabilities:

1. CVE-2024-0012 (CVSS: 9.3)

– Authentication bypass allowing unauthorized administrative access

– Enables attackers to gain PAN-OS administrator privileges

2. CVE-2024-9474 (CVSS: 6.9)

– Privilege escalation vulnerability

– Allows administrators to perform actions with root privileges

Impact and Exposure:

– 13,324 publicly exposed firewall management interfaces identified

– 34% located in the United States

– Malicious activity observed from specific IP addresses:

* 136.144.17.*

* 173.239.218.251

* 216.73.162.*

Patches and Mitigation:

– Updates available in versions:

* PAN-OS 10.1.14-h6

* PAN-OS 10.2.12-h2

* PAN-OS 11.0.6-h1

* PAN-OS 11.1.5-h1

* PAN-OS 11.2.4-h1

* All later versions
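
As an added example (not from Palo Alto Networks or the original article), the Python below triages a firewall inventory against the fixed releases listed above. The inventory is constructed, and treating release branches newer than 11.2 as fixed is an assumption drawn from "All later versions"; branches older than 10.1 are reported as unknown because the list gives no fixed release for them.

```python
import re

# Fixed releases from the list above: (major, minor) -> (maintenance, hotfix).
FIXED = {
    (10, 1): (14, 6),
    (10, 2): (12, 2),
    (11, 0): (6, 1),
    (11, 1): (5, 1),
    (11, 2): (4, 1),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def patch_status(text):
    """Classify a version as 'fixed', 'needs-update' or 'unknown-branch'."""
    major, minor, maint, hotfix = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        # Same branch: compare maintenance release first, then hotfix number.
        return "fixed" if (maint, hotfix) >= FIXED[branch] else "needs-update"
    # Assumption: a branch newer than the newest listed one is a "later version".
    if branch > max(FIXED):
        return "fixed"
    # Older branches: the list names no fixed release, so do not guess.
    return "unknown-branch"


def triage(inventory):
    """Map each host in {host: version} to its patch status."""
    return {host: patch_status(version) for host, version in inventory.items()}


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "fw-edge-01": "10.2.12-h1",
    "fw-edge-02": "11.1.5-h1",
    "fw-lab-01": "9.1.18",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```

A host reported as "unknown-branch" needs to be checked against the vendor advisory directly, since the list above does not cover its release branch.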

Important Notes:

– CISA has added both vulnerabilities to the Known Exploited Vulnerabilities catalog

– Federal agencies must patch by December 9, 2024

– Prisma Access and Cloud NGFW products are not affected

– Organizations should immediately secure access to management interfaces
