Key Points:
– Two critical vulnerabilities have been discovered in Palo Alto Networks’ PAN-OS firewall management interface
– Active exploitation detected in the wild
– Patches now available
Vulnerabilities:
1. CVE-2024-0012 (CVSS: 9.3)
– Authentication bypass allowing unauthorized administrative access
– Enables attackers to gain PAN-OS administrator privileges
2. CVE-2024-9474 (CVSS: 6.9)
– Privilege escalation vulnerability
– Allows administrators to perform actions with root privileges
Impact and Exposure:
– 13,324 publicly exposed firewall management interfaces identified
– 34% located in the United States
– Malicious activity observed from specific IP addresses:
* 136.144.17.*
* 173.239.218.251
* 216.73.162.*
Patches and Mitigation:
– Updates available in versions:
* PAN-OS 10.1.14-h6
* PAN-OS 10.2.12-h2
* PAN-OS 11.0.6-h1
* PAN-OS 11.1.5-h1
* PAN-OS 11.2.4-h1
* All later versions
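
Added example (not part of the original advisory and not vendor tooling): a Python triage helper that checks a PAN-OS version string against the fixed releases listed above and flags log source addresses that fall in the observed ranges. The function names, the sample log format, and reading a trailing ".*" as a /24 are assumptions.

```python
import ipaddress
import re

# Fixed releases per train, copied from the list above: (maintenance, hotfix).
FIXED = {(10, 1): (14, 6), (10, 2): (12, 2), (11, 0): (6, 1),
         (11, 1): (5, 1), (11, 2): (4, 1)}
# Source patterns from the list above; a trailing ".*" is read as a /24 (assumption).
OBSERVED = ["136.144.17.*", "173.239.218.251", "216.73.162.*"]
NETS = [ipaddress.ip_network(p[:-2] + ".0/24" if p.endswith(".*") else p + "/32")
        for p in OBSERVED]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def patch_status(version):
    """Return 'fixed', 'below-listed-fix' or 'unknown' for a PAN-OS version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"          # unparseable string: do not guess
    major, minor, maint = (int(g) for g in m.groups()[:3])
    hotfix = int(m.group(4) or 0)  # no "-hN" suffix means hotfix 0
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"          # train not in the list above
    # 'below-listed-fix' means only: older than the release listed for this train.
    return "fixed" if (maint, hotfix) >= fixed else "below-listed-fix"

def flagged_sources(log_lines):
    """Return the IPv4 addresses in log_lines that fall in an observed range."""
    hits = set()
    for line in log_lines:
        for token in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:    # e.g. an octet above 255
                continue
            if any(addr in net for net in NETS):
                hits.add(token)
    return hits

# Constructed sample lines; the log format is hypothetical.
SAMPLE_LOG = [
    "2024-11-19T08:14:02Z mgmt-web login src=136.144.17.44 user=admin",
    "2024-11-19T08:15:10Z mgmt-web login src=192.0.2.10 user=ops",
    "2024-11-19T08:16:33Z mgmt-web login src=173.239.218.251 user=admin",
    "2024-11-19T08:17:41Z mgmt-web login src=216.73.163.9 user=ops",
]

if __name__ == "__main__":
    for v in ("10.2.12-h2", "10.2.12-h1", "11.2.4", "9.1.16"):
        print(v, patch_status(v))
    print(sorted(flagged_sources(SAMPLE_LOG)))
```

A result of "unknown" or "below-listed-fix" should be checked against the vendor advisory rather than treated as a final verdict.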
Important Notes:
– CISA has added both vulnerabilities to the Known Exploited Vulnerabilities catalog
– Federal agencies must patch by December 9, 2024
– Prisma Access and Cloud NGFW products are not affected
– Organizations should immediately secure access to management interfaces