EXPEL BLOG

Security alert: Palo Alto Networks firewall vulnerability

· 1 MIN READ · AARON WALTON · NOV 18, 2024 · TAGS: Cloud security

TL;DR 

  • Palo Alto Networks (PAN) confirmed a firewall vulnerability on November 14 (CVE-2024-0012)
  • The vulnerability is considered critical. Impacted firewalls should be updated to the latest PAN-OS version, and organizations should ensure the firewalls aren’t exposed to the internet
  • Ensuring the firewall isn’t exposed is a temporary mitigation that substantially reduces the risk of exploitation until the patch is applied

What happened? 

Palo Alto Networks (PAN) is warning customers to ensure their firewall management interfaces aren’t accessible from the internet, due to ongoing exploitation of a new vulnerability (CVE-2024-0012). The vulnerability was originally reported in early November, and on November 14 PAN confirmed the reports and published information in this advisory.

If a PAN firewall management interface is exposed to the internet, the vulnerability could allow an attacker to bypass the authentication mechanisms and make themselves an administrator. As an administrator, they’re able to modify the configuration (or even place a webshell on the server), giving themselves persistence and long-term access to a victim’s entire network.

What should you do right now? 

To reduce the exposure of your firewall management interface, follow these step-by-step instructions provided by PAN to confirm the security of your firewall.

Why does it matter? 

PAN released the patch this morning, but the firewall vulnerability is already under active exploitation. It’s important for organizations to ensure their devices aren’t accessible from the general internet. If they are exposed, they should be configured to have restricted access.

What next? 

We’re keeping a close eye on this situation as it unfolds, and we’re monitoring the environments of Expel customers with PAN firewalls for evidence of exploitation. We’ll update this post with big developments, but if you or your team have any additional questions regarding this vulnerability, or information regarding signs of exploitation, please reach out to us.