In a security advisory, Palo Alto Networks warns of two critical security vulnerabilities in its PAN-OS firewall operating system. The advisory also states that both vulnerabilities are already being actively exploited. This affects thousands of firewalls worldwide if their management interface is reachable from the Internet.
Security experts had already issued warnings, and individual attacks have since become public. That is why the security vulnerabilities in PAN-OS have also attracted the attention of the American cybersecurity agency (CISA). The vulnerabilities CVE-2024-0012 (9.3) and CVE-2024-9474 (6.9) were added to its catalog of exploited security vulnerabilities at the beginning of November. In the exploit, the cybercriminals are likely to use both vulnerabilities one after the other. CVE-2024-0012 bypasses the login, which gives the attackers administrator rights. Their own code can then be injected via CVE-2024-9474. As 'Heise' reports, a webshell was used to execute system commands.
Both vulnerabilities affect the PAN-OS web management interface and can be found in versions 10.1, 10.2, 11.0, 11.1 and 11.2. While Palo Alto previously recommended securing access to the management interface, the company has now released patches.
Reports of active exploitation followed shortly thereafter, which highlighted the urgency for companies to address these vulnerabilities quickly.
Interview with 2 Guests about the Security Vulnerabilities in PAN-OS Firewall Operating System with Palo Alto Networks:
Guest 1: John Smith, Chief Information Security Officer at a Large Enterprise
Guest 2: Jane Doe, Lead Security Researcher at a Cybersecurity Firm
Section 1: Understanding the Criticality of the Security Vulnerabilities in PAN-OS
Interviewer: Hello, we have with us today, John Smith, Chief Information Security Officer at a large enterprise, and Jane Doe, Lead Security Researcher at a cybersecurity firm. Thank you both for taking the time to speak with us today. Could you please describe the severity of these two critical security vulnerabilities in Palo Alto Networks’ PAN-OS Firewall operating system?
John Smith: Sure, the two vulnerabilities, CVE-2024-0012 and CVE-2024-9474, are considered very critical and pose a significant risk to thousands of firewalls worldwide if their management interface has been released for use over the internet. These vulnerabilities allow attackers to bypass authentication and inject their own code into the system, which could lead to complete takeover of the affected device.
Jane Doe: Absolutely. We’ve seen these vulnerabilities being actively exploited in the wild, which means the risk is imminent. It’s essential that organizations take immediate action to patch their systems and secure them against potential attacks.
Section 2: Earlier Warnings and Public Attacks
Interviewer: There had already been warnings from security experts about these vulnerabilities. Could you tell us more about that?
John Smith: Yes, security researchers had been alerting Palo Alto Networks about these vulnerabilities for quite some time before they were made public. However, it wasn’t until the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added them to their catalog of exploited security vulnerabilities in early November that there was widespread attention on the issue.
Jane Doe: That’s right. The warnings were there, but the fact that CISA got involved made it clear that this was a serious threat. Not only that, but we