PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM

Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.

### Meeting Takeaways – Nov 16, 2024

#### Key Points:
1. **New Zero-Day Vulnerability**:
– **Vendor**: Palo Alto Networks
– **Affected Product**: PAN-OS firewall management interface
– **Status**: Actively exploited in the wild.

2. **Indicators of Compromise (IoCs)**:
– Malicious activity detected from the following IPs:
  – 136.144.17[.*]
  – 173.239.218[.]251
  – 216.73.162[.*]
– Note: These may be associated with legitimate VPN activity.

3. **Vulnerability Characteristics**:
– **CVSS Score**: 9.3 (Critical severity)
– Allows unauthenticated remote command execution.
– Exploitation does not require user interaction.
– Low attack complexity.
– Severity drops to CVSS 7.5 if access is restricted to specific IP addresses.

4. **Timeline**:
– November 8, 2024: Customers advised to secure firewall management interfaces amid reports of the flaw.
– Exploitation confirmed against a limited number of instances.

5. **Security Recommendations**:
– Immediate action required to secure access to the management interface.
– Patches for the vulnerability are pending.

6. **Unrelated Exploits**:
– Three critical flaws in Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, CVE-2024-9465) are being actively exploited but are not connected to the current vulnerability issue.

7. **Impact on Products**:
– Prisma Access and Cloud NGFW products are not affected by this vulnerability.
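As an added example (not from the article or from Palo Alto Networks), the following Python snippet refangs the three IoCs listed in point 2, treats the two wildcard entries as /24 ranges, and runs them over a few constructed management-interface access log lines. The log format, the request paths and the specific client addresses in the sample are assumptions; a wildcard-range hit is flagged as weaker evidence than an exact match, which matches the article's caveat about legitimate VPN traffic.

```python
import ipaddress
import re

# IoCs quoted in the article, in defanged form. The two wildcard entries
# cover a whole /24, which is why they may overlap with legitimate VPN egress.
IOCS = ["136.144.17[.*]", "173.239.218[.]251", "216.73.162[.*]"]


def refang(ioc: str) -> ipaddress.IPv4Network:
    """Turn a defanged IoC into a network: '[.]' -> '.', trailing '*' -> /24."""
    clean = ioc.replace("[.*]", ".*").replace("[.]", ".")
    if clean.endswith(".*"):
        return ipaddress.ip_network(clean[:-2] + ".0/24")
    return ipaddress.ip_network(clean + "/32")


NETWORKS = [refang(i) for i in IOCS]

# Constructed sample log lines (Apache-style combined format, an assumption;
# not real PAN-OS output). Paths and client IPs are made up for the example.
SAMPLE_LOG = """\
136.144.17.22 - - [15/Nov/2024:10:01:02 +0000] "POST /mgmt/login HTTP/1.1" 200 512
10.0.5.14 - - [15/Nov/2024:10:01:05 +0000] "GET /mgmt/login HTTP/1.1" 200 2048
173.239.218.251 - - [15/Nov/2024:10:02:10 +0000] "GET /mgmt/login HTTP/1.1" 200 2048
216.73.162.9 - - [15/Nov/2024:10:03:44 +0000] "POST /mgmt/login HTTP/1.1" 302 0
"""

# source IP, then the HTTP method and request path from the quoted request
LINE_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) .*?"(\w+) (\S+) ')


def find_ioc_hits(log_text: str) -> list[dict]:
    """Return one record per log line whose source IP falls inside an IoC range."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        for net in NETWORKS:
            if src in net:
                hits.append({
                    "src": str(src), "ioc": str(net),
                    "method": m.group(2), "path": m.group(3),
                    # a /32 match is an exact IoC; a /24 match needs corroboration
                    "exact": net.prefixlen == 32,
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(hit)
```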

#### Next Steps:
– Stay updated on this developing story for further information and patch releases.
– Monitor the recommended practices from Palo Alto Networks regarding securing management interfaces.

For ongoing updates, consider following Palo Alto Networks on Twitter and LinkedIn.