Palo Alto Networks says it fixed two major firewall zero-days being used in thousands of attacks
One of the bugs is critical, so patch now
· TechRadarNews By Sead Fadilpašić published 22 November 2024
- Palo Alto Networks releases patch for two serious flaws impacting its firewalls
- The flaws were being abused in the wild to drop malware
- CISA added them to its KEV catalog
Palo Alto Networks has revealed it fixed two major vulnerabilities plaguing its firewalls.
The bugs are an authentication bypass in the PAN-OS management web interface (CVE-2024-0012), and a privilege escalation flaw in PAN-OS (CVE-2024-9474). The former has a severity score of 9.3 (critical), and grants crooks the ability to gain admin privileges on the target endpoint, and the latter has a lower score, 6.9 (medium), but helps run commands on the firewall.
Cybercriminals were chaining the flaws to gain admin privileges and run commands on exposed endpoints, it confirmed. Therefore, users are advised to apply the patches as soon as possible.
Added to CISA's KEV
Palo Alto said it was looking into ongoing attacks in which the two bugs were chained to strike “a limited number of device management web interfaces” with malware and arbitrary commands.
"This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company said in an advisory. "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."
Both vulnerabilities have since been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild abuse. Federal agencies have until December 9 to patch the bugs, or stop using the affected firewalls altogether.
Palo Alto said that only a “very small number” of firewalls is being targeted. However, citing data from the threat monitoring platform Shadowserver, BleepingComputer reported that there are more than 2,700 vulnerable PAN-OS instances.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors