PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released.


Palo Alto Networks observed malicious activity from the following source IP addresses, directed at PAN-OS management web interfaces that are reachable from the internet:

• 136.144.17[.]*
• 173.239.218[.]251
• 216.73.162[.]*

The company cautions that these IPs may belong to third-party VPN services, so legitimate user traffic from the same addresses to other destinations is possible. Treat a match as a lead to investigate (who reached the management interface, and what they did), not as confirmation of compromise.
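The following script is an added example for working with the IoC list above; it is not Palo Alto Networks code. It refangs the defanged indicators, reads a trailing `*` in the last octet as the /24 that prefix covers (an assumption about the advisory's notation), and matches the source IP of each log line against those ranges. The log format is a constructed, simplified `<timestamp> <src_ip> <method> <path>` layout, not real PAN-OS log output; a real deployment would swap in a parser for the firewall's own traffic or system logs.

```python
"""
Match management-interface access logs against the published IoC IPs.

Added example, not Palo Alto Networks code.  Assumptions (not from the
advisory): a trailing "*" in the last octet means the whole /24, and the
log lines below are a constructed, simplified format.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

# The three indicators quoted in the advisory, still defanged.
RAW_IOCS = [
    "136.144.17[.]*",
    "173.239.218[.]251",
    "216.73.162[.]*",
]


def refang(ioc: str) -> str:
    """Turn '136.144.17[.]*' back into '136.144.17.*'."""
    return ioc.replace("[.]", ".")


def ioc_to_network(ioc: str) -> ipaddress.IPv4Network:
    """Convert an IPv4 indicator into a network object.

    'a.b.c.*' -> a.b.c.0/24 (assumed meaning of the wildcard)
    'a.b.c.d' -> a.b.c.d/32
    Only the last octet may be a wildcard; anything else is rejected so a
    malformed indicator cannot silently expand into a huge range.
    """
    s = refang(ioc).strip()
    m = re.fullmatch(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}|\*)", s)
    if not m:
        raise ValueError(f"unsupported indicator format: {ioc!r}")
    if m.group(4) == "*":
        return ipaddress.ip_network(f"{m.group(1)}.{m.group(2)}.{m.group(3)}.0/24")
    return ipaddress.ip_network(f"{s}/32")


IOC_NETWORKS = [ioc_to_network(i) for i in RAW_IOCS]

# Constructed sample log lines (not real PAN-OS output):
# <timestamp> <source IP> <HTTP method> <request path>
SAMPLE_LOG = """\
2024-11-15T10:01:02Z 203.0.113.7 GET /login
2024-11-15T10:01:09Z 136.144.17.44 POST /login
2024-11-15T10:02:31Z 173.239.218.251 GET /login
2024-11-15T10:03:00Z 173.239.218.250 GET /login
2024-11-15T10:04:17Z 216.73.162.9 POST /api/
this line is garbage and should be skipped
"""

LOG_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")


def match_log(lines: Iterable[str], networks=IOC_NETWORKS) -> List[Tuple[str, str, str]]:
    """Return (timestamp, src_ip, matched_range) for each line whose source
    IP falls inside one of the IoC ranges.  Unparsable lines are skipped
    rather than aborting the scan on noisy input."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, _method, _path = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # octet out of range etc.
        for net in networks:
            if addr in net:
                hits.append((ts, src, str(net)))
                break
    return hits


if __name__ == "__main__":
    for ts, src, net in match_log(SAMPLE_LOG.splitlines()):
        # A hit is a lead, not proof: the advisory notes these IPs may be
        # shared VPN egress used by legitimate users as well.
        print(f"{ts} {src} matched {net} - review what this session did on the management interface")
```

Note that 173.239.218.250 is deliberately not reported: only the single /32 was published for that range, and widening an indicator on a guess would generate false positives against the VPN caveat the advisory itself raises.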

Exploitation Details: The vulnerability allows unauthenticated remote command execution on the management web interface and is being used to deploy a web shell on compromised devices, giving the threat actors persistent remote access. At the time of writing the flaw had not been assigned a CVE identifier; it carries a CVSS score of 9.3, i.e. critical severity.

Mitigation and Recommendations: The vulnerability requires no user interaction or privileges to exploit, and its attack complexity is rated low. The severity drops to high (CVSS score: 7.5) when access to the management interface is restricted to a limited pool of trusted IP addresses, which is also the primary mitigation available until a fix ships: do not expose the management interface to the internet, and allow only known administrative source addresses to reach it.

Palo Alto Networks began advising customers on November 8, 2024, to secure their firewall management interfaces amid reports of a remote code execution (RCE) flaw. The vulnerability has been exploited in a “limited number” of instances.

Current Status and Future Actions: No details have been published on how the vulnerability was discovered, which threat actors are behind the exploitation, or who the targets were. Prisma Access and Cloud NGFW products are not affected.

Patches for the vulnerability have not yet been released, so users who have not already locked down access to the management interface should do so immediately.

Additional Exploits: The advisory follows reports, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), of active exploitation of three other critical flaws in Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465). There is currently no evidence linking the two sets of activity.
