An unauthenticated distant command execution (RCE) vulnerability in opposition to Palo Alto Networks’ internet-exposed firewall administration interfaces is actively being exploited, based on the cybersecurity supplier.
On November 8, Palo Alto revealed a safety advisory to warn of a zero-day vulnerability affecting a few of its PAN-OS firewall administration interfaces.
The flaw is an unauthenticated RCE vulnerability affecting internet-exposed new-generation firewall (NGFW) web administration interfaces.
CVSS Rating of 9.3
Though the vulnerability has not but been allotted a CVE, Palo Alto assessed it as vital, with a CVSS of 9.3.
Nonetheless, the vulnerability solely impacts public-facing NGFW administration interfaces. The producer believes neither Prisma Entry nor Cloud NGFW are affected.
“If the administration interface entry is restricted to IPs, the danger of exploitation is enormously restricted, as any potential assault would first require privileged entry to these IPs. CVSS for this situation is 7.5 Excessive,” added the corporate.
Whereas Palo Alto didn’t initially point out any menace exercise associated to this new vulnerability, the agency up to date its advisory on November 14 to verify it has now noticed in-the-wild exploitation.
Learn extra about Palo Alto zero-days: Palo Alto Networks Warns About Vital Zero-Day in PAN-OS
Palo Alto Engaged on a Patch
Palo Alto knowledgeable prospects that it’s actively creating patches and menace prevention signatures, that are anticipated to be launched quickly.
“We strongly advocate prospects to make sure entry to your administration interface is configured accurately in accordance with our advisable greatest follow deployment pointers,” Palo Alto added in its advisory.
This comes solely days after the US Cybersecurity and Infrastructure Safety Company (CISA) added one other vulnerability affecting a Palo Alto product – this time Palo Alto Expedition (CVE-2024-5910) – to its Identified Exploited Vulnerability (KEV) catalog.
Fortinet, one other firewall supplier, has additionally skilled the disclosure of a number of zero-day vulnerabilities being actively exploited up to now month.
Picture credit score: Michael Vi/Tada Pictures/Shutterstock
