Palo Alto Networks Issues Emergency Patch For Zero-Day Vulnerability


Palo Alto Networks has released patches for two critical zero-day vulnerabilities in its PAN-OS firewall software. Both vulnerabilities have been actively exploited, threatening the security of many organizations that use the company's products.
Details about the vulnerability
- Vulnerability CVE-2024-0012
Description: This is an authentication bypass vulnerability in the web management interface of PAN-OS. An attacker can gain administrative access without authentication.
Impact: Allows a remote attacker to control the system without any user interaction.
- Vulnerability CVE-2024-9474
Description: This vulnerability allows for privilege escalation, enabling malicious administrators to perform actions with root privileges on the system.
Impact: Increases the risk of insider attacks, especially from administrators with malicious intent.
Affected Versions
CVE-2024-0012 affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 on PA-Series, VM-Series, CN-Series, and Panorama devices (both virtual and M-Series).
CVE-2024-9474 affects PAN-OS versions 10.1, 10.2, 11.0, 11.1, and 11.2 on similar devices.
Patched Versions
PAN-OS 11.2: Versions 11.2.4-h1 and above.
PAN-OS 11.1: Versions 11.1.5-h1 and above.
PAN-OS 11.0: Versions 11.0.6-h1 and above.
PAN-OS 10.2: Versions 10.2.12-h2 and above.
PAN-OS 10.1: Versions 10.1.14-h6 and above.
Palo Alto Networks' Response
Palo Alto Networks quickly released patches to fix these vulnerabilities. The company also advised customers to limit access to the firewall management interfaces to reduce the risk of attacks.
Recommendations
Update immediately: Users should apply the latest patches from Palo Alto Networks to protect their systems.
Check configuration: Ensure that management interfaces are not exposed to the Internet or other untrusted networks.
Continuous monitoring: Implement continuous monitoring to quickly detect unusual activity that may indicate exploitation of these vulnerabilities.
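To act on the "Update immediately" recommendation, the following added example (not from Palo Alto Networks or the original article) checks PAN-OS version strings against the patched-version list above, including the `-hN` hotfix suffix. It assumes the per-branch minimums listed on this page are the only fixed releases; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Minimum patched release per PAN-OS branch, copied from the list above.
PATCHED = {
    "11.2": "11.2.4-h1",
    "11.1": "11.1.5-h1",
    "11.0": "11.0.6-h1",
    "10.2": "10.2.12-h2",
    "10.1": "10.1.14-h6",
}
# Branches each CVE affects, from the "Affected Versions" section.
AFFECTED = {
    "CVE-2024-0012": {"10.2", "11.0", "11.1", "11.2"},
    "CVE-2024-9474": {"10.1", "10.2", "11.0", "11.1", "11.2"},
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Turn '11.1.5-h1' into (11, 1, 5, 1); a missing hotfix counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def assess(version):
    """Return (status, cves): status is 'patched', 'vulnerable' or 'unlisted'."""
    v = parse(version)
    branch = f"{v[0]}.{v[1]}"
    if branch not in PATCHED:
        return "unlisted", []          # page gives no fix for this branch
    if v >= parse(PATCHED[branch]):
        return "patched", []
    return "vulnerable", sorted(c for c, b in AFFECTED.items() if branch in b)


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    inventory = {"fw-edge-01": "11.1.4-h7", "fw-dc-02": "10.2.12-h2",
                 "panorama-01": "10.1.14", "fw-lab-03": "9.1.16"}
    for host, ver in inventory.items():
        status, cves = assess(ver)
        print(f"{host:12} {ver:12} {status:10} {', '.join(cves)}")
```

A result of "unlisted" means the branch does not appear in the list above, so its status has to be confirmed against the vendor advisory rather than assumed safe.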
Written by Đinh Văn Mạnh
