- One of the best ultraportable work laptops I've tested isn't made by Dell or Lenovo
- The best laptops for graphic designers: Expert tested and reviewed
- The 65+ best Black Friday TV deals 2024: Early sales live now
- Why this $60 Android Auto wireless adapter is my favorite tech accessory this year
- Red Hat Enterprise Linux 9.5 gains security, networking upgrades
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Act
An unauthenticated remote command execution (RCE) vulnerability against Palo Alto Networks’ internet-exposed firewall management interfaces is actively being exploited, according to the cybersecurity provider.
On November 8, Palo Alto published a security advisory to warn of a zero-day vulnerability affecting some of its PAN-OS firewall management interfaces.
The flaw is an unauthenticated RCE vulnerability affecting internet-exposed new-generation firewall (NGFW) internet management interfaces.
CVSS Score of 9.3
Although the vulnerability has not yet been allocated a CVE, Palo Alto assessed it as critical, with a CVSS of 9.3.
However, the vulnerability only affects public-facing NGFW management interfaces. The manufacturer believes neither Prisma Access nor Cloud NGFW are affected.
“If the management interface access is restricted to IPs, the risk of exploitation is greatly limited, as any potential attack would first require privileged access to those IPs. CVSS for this scenario is 7.5 High,” added the company.
While Palo Alto did not initially mention any threat activity related to this new vulnerability, the firm updated its advisory on November 14 to confirm it has now observed in-the-wild exploitation.
Read more about Palo Alto zero-days: Palo Alto Networks Warns About Critical Zero-Day in PAN-OS
Palo Alto Working on a Patch
Palo Alto informed customers that it is actively developing patches and threat prevention signatures, which are expected to be released soon.
“We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines,” Palo Alto added in its advisory.
This comes only days after the US Cybersecurity and Infrastructure Security Agency (CISA) added another vulnerability affecting a Palo Alto product – this time Palo Alto Expedition (CVE-2024-5910) – to its Known Exploited Vulnerability (KEV) catalog.
Fortinet, another firewall provider, has also experienced the disclosure of several zero-day vulnerabilities being actively exploited in the past month.
Photo credit: Michael Vi/Tada Images/Shutterstock