Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW).
The first flaw, tracked as CVE-2024-0012, is an authentication bypass in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without authentication or user interaction.
The second, CVE-2024-9474, is a PAN-OS privilege escalation vulnerability that allows a malicious PAN-OS administrator to perform actions on the firewall with root privileges.
While CVE-2024-9474 was disclosed today, the company first warned customers on November 8 to restrict access to their next-generation firewalls because of a potential RCE flaw, which was assigned CVE-2024-0012 last Friday.
“Palo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network,” the company warned today regarding both zero-days.
“Palo Alto Networks has actively monitored and worked with customers to identify and further minimize the very small number of PAN-OS devices with management web interfaces exposed to the Internet or other untrusted networks,” it added in a separate report providing indicators of compromise for ongoing attacks targeting the flaws.
While the company says these zero-days affect only a “very small number” of firewalls, threat monitoring platform Shadowserver reported on Friday that it is tracking more than 8,700 exposed PAN-OS management interfaces.
Macnica threat researcher Yutaka Sejiyama also told BleepingComputer that he found over 11,000 IP addresses running Palo Alto PAN-OS management interfaces exposed online using Shodan. According to Shodan, most of the vulnerable devices are in the United States, followed by India, Mexico, Thailand, and Indonesia.
CISA, the U.S. cybersecurity agency, added CVE-2024-0012 and CVE-2024-9474 to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch their systems within three weeks, by December 9.
In early November, CISA also warned of ongoing attacks exploiting a critical missing authentication vulnerability (CVE-2024-5910) in the Palo Alto Networks Expedition firewall configuration migration tool. The flaw, patched in July, can be exploited remotely by threat actors to reset application admin credentials on Internet-exposed Expedition servers.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warns.