Palo Alto Networks says it fixed two major firewall zero-days being used in thousands of attacks
published 22 November 2024
One of the bugs is critical, so patch now
- Palo Alto Networks releases patch for two serious flaws impacting its firewalls
- The flaws were being abused in the wild to drop malware
- CISA added them to its KEV catalog
Palo Alto Networks has revealed it fixed two major vulnerabilities plaguing its firewalls.
The bugs are an authentication bypass in the PAN-OS management web interface (CVE-2024-0012), and a privilege escalation flaw in PAN-OS (CVE-2024-9474). The former has a severity score of 9.3 (critical), and grants crooks the ability to gain admin privileges on the target endpoint, and the latter has a lower score, 6.9 (medium), but helps run commands on the firewall.
Cybercriminals were chaining the flaws to gain admin privileges and run commands on exposed endpoints, it confirmed. Therefore, users are advised to apply the patches as soon as possible.
Added to CISA’s KEV
Palo Alto said it was looking into ongoing attacks in which the two bugs were chained to strike “a limited number of device management web interfaces” with malware and arbitrary commands.
“This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services,” the company said in an advisory. “At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity.”
Both vulnerabilities have since been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild abuse. Federal agencies have until December 9 to patch the bugs, or stop using the affected firewalls altogether.
Palo Alto said that only a “very small number” of firewalls is being targeted. However, citing data from the threat monitoring platform Shadowserver, BleepingComputer reported that there are more than 2,700 vulnerable PAN-OS instances.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Since a working exploit is already available, and evidence of abuse exists, Palo Alto “strongly” advises its customers to patch up, and restrict access to trusted accounts only.
“Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines,” the company said.
Via BleepingComputer
You might also like
- Palo Alto Networks warns users of dangerous security threat affecting firewalls
- Here’s a list of the best free antivirus tools around today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Top online gift platform leaks user details, including thousands of US military members
Pakistan blocks Bluesky amid popularity surge
RTX 5070 Ti leak suggests Nvidia has a powerful GPU up its sleeve that uses the same chip as the RTX 5080
Most Popular
-
1RTX 5070 Ti leak suggests Nvidia has a powerful GPU up its sleeve that uses the same chip as the RTX 5080
-
2A Samsung Galaxy tri-fold looks increasingly likely for 2025, according to latest leak
-
3Everything I’d buy in the Currys Black Friday sale 2024 – 29 great deals that can’t be beaten by Amazon or Argos
-
4Top online gift platform leaks user details, including thousands of US military members
-
5Hands on: Amazon Workspaces Thin Client