Palo Alto Networks tackles firewall-busting zero-days with critical patches

Palo Alto Networks tackles firewall-busting zero-days with critical patches

November 19, 2024 at 10:35AM

Palo Alto Networks has issued patches for two zero-day vulnerabilities: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation. Users are urged to update urgently. The company warns of ongoing exploitation, particularly from VPN services, and advises restricting access to management interfaces.

### Meeting Takeaways:

1. **New Vulnerabilities Identified**:
– **CVE-2024-0012**:
– Type: Authentication bypass
– Severity: Critical (9.3)
– Urgency: Users must upgrade to patched versions of PAN-OS immediately.
– **CVE-2024-9474**:
– Type: Privilege escalation
– Severity: Medium (6.9)
– Affects PAN-OS management interface, enabling admin access.

2. **Safety Measures and Recommendations**:
– PAN Networks advised customers to revoke public internet access to the management interface and restrict access to trusted internal IPs to mitigate risks.
– Risk assessment indicates that these measures significantly reduce the likelihood of exploitation from the reported vulnerabilities.

3. **Exploitation Activity**:
– PAN is tracking ongoing exploitation activities targeting device management interfaces.
– Threat activity is primarily disguised through anonymous VPN services, with the **observed consequences** including interactive command execution and malware deployment (e.g., webshells).

4. **Exploit Details**:
– There are indications that the exploits (CVE-2024-0012 and CVE-2024-9474) may function synergistically, allowing attackers to chain the vulnerabilities for escalated access.
– WatchTowr’s research outlines the method for exploiting these vulnerabilities and highlights concerns regarding the integrity of PAN appliances.

5. **Exposure Statistics**:
– As of November 18, 6,605 devices running PAN-OS were found to be publicly exposed.
– Geographic exposure analysis indicates the highest number of vulnerable devices in Asia, followed closely by North America.

6. **Ongoing Investigations**:
– PAN continues to investigate exploitation activity while working on remediation efforts. More details on the scale and nature of attacks remain limited.

### Action Items:
– **Immediate Action Required**: Ensure that all systems are updated to the latest patched versions of PAN-OS.
– **Restrict Management Interface Access**: Revise firewall settings to limit access and protect against potential exploitation.

Full Article