Palo Alto Networks Patches Critical Firewall Vulnerability


Palo Alto Networks has released a security patch to fix a critical vulnerability in instances of its firewall management interfaces.

The security vendor disclosed the flaw on November 8 and later confirmed evidence of in-the-wild exploitation. It was initially tracked by Palo Alto as PAN-SA-2024-0015.

It has now been allocated a common vulnerabilities and exposures (CVE) number, CVE-2024-12.

Critical, Actively Exploited Vulnerability

The vulnerability is an authentication bypass found in the PAN-OS management web interface used to manage Palo Alto’s next-generation firewalls (NGFWs).

It affects PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1 and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted.

Exploiting this flaw could enable an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges, allowing them to perform administrative actions and tamper with the configuration.

Palo Alto gave the flaw a Common Vulnerability Scoring System (CVSS) score of 9.3, meaning it is critical.

The vendor also said on November 14 that it “observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.”

Palo Alto Networks: Patch Urgently

A patch was released on November 18 for the following versions: PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1 and all later PAN-OS versions.

This patch also fixes CVE-2024-9474, another vulnerability in PAN-OS disclosed on November 18.

The vendor said that Palo Alto NGFW users running the affected PAN-OS versions should patch urgently.

“In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases,” said the Palo Alto advisory.

The vendor also said that the risk of this issue can be reduced by restricting access to the management web interface to only trusted internal IP addresses.
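The fixed releases listed above can be checked against a firewall inventory with a numeric version comparison. The following Python is an added example, not code from Palo Alto Networks or from this article; the hostnames and inventory are constructed, and a release below the listed fix is reported as `needs-review` rather than vulnerable because the advisory says fixes are also being made available for other maintenance releases.

```python
import re

# Fixed releases named in the article, keyed by PAN-OS release train.
FIXED = {
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split '10.2.12-h2' into (10, 2, 12, 2); no hotfix suffix means hotfix 0."""
    match = _VERSION.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(part or 0) for part in match.groups())


def triage(version):
    """Classify one version against the article's list of fixed releases."""
    major, minor, maintenance, hotfix = parse(version)
    fixed = FIXED.get(f"{major}.{minor}")
    if fixed is None:
        return "not-listed"  # train is not among the four named in the article
    # Compare numerically: as strings, '10.2.9' would sort after '10.2.12'.
    if (maintenance, hotfix) >= parse(fixed)[2:]:
        return "fixed"
    # Below the listed fix: unpatched, or on another maintenance release that
    # received its own hotfix, which this list cannot tell apart.
    return "needs-review"


def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample = {
        "fw-edge-01": "10.2.9-h1",
        "fw-edge-02": "10.2.12-h2",
        "fw-core-01": "11.1.6",
        "fw-lab-01": "11.2.4",
    }
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Anything reported as `needs-review` should be checked against the vendor advisory and, per the mitigation above, have its management web interface restricted to trusted internal IP addresses in the meantime.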


Photo credit: Mojahid Mottakin/viewimage/Shutterstock
