Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors


An unauthenticated remote command execution (RCE) vulnerability in Palo Alto Networks’ internet-exposed firewall management interfaces is being actively exploited, according to the cybersecurity provider.

On November 8, Palo Alto published a security advisory to warn of a zero-day vulnerability affecting some of its PAN-OS firewall management interfaces.

The flaw is an unauthenticated RCE vulnerability affecting the management interfaces of its next-generation firewalls (NGFWs) when those interfaces are exposed to the internet.

No Allocated CVE; CVSS Score of 9.3

Although the vulnerability has not yet been allocated a CVE, Palo Alto assessed it as critical, with a CVSS of 9.3.

However, the vulnerability only affects public-facing NGFW management interfaces. The manufacturer believes that neither Prisma Access nor Cloud NGFW is affected.

“If the management interface access is restricted to IPs, the risk of exploitation is greatly limited, as any potential attack would first require privileged access to those IPs. CVSS for this scenario is 7.5 High,” added the company.

While Palo Alto did not initially mention any threat activity related to this new vulnerability, the firm updated its advisory on November 14 to confirm it has now observed in-the-wild exploitation.

Read more about Palo Alto zero-days: Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Palo Alto Working on a Patch

Palo Alto informed customers that it is actively developing patches and threat prevention signatures, which are expected to be released soon.

“We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines,” Palo Alto added in its advisory.

This comes only days after the US Cybersecurity and Infrastructure Security Agency (CISA) added another vulnerability affecting a Palo Alto product – this time Palo Alto Expedition (CVE-2024-5910) – to its Known Exploited Vulnerabilities (KEV) catalog.

Fortinet, another firewall provider, has also disclosed several actively exploited zero-day vulnerabilities in the past month.
