Palo Alto Networks Firewalls Compromised by Exploited Vulnerabilities

Need some ammo against Palo Alto Networks? This article is for you!


Hackers have compromised over 2,000 Palo Alto Networks firewalls by exploiting two recently patched zero-day vulnerabilities. These vulnerabilities include an authentication bypass in the PAN-OS management web interface, allowing remote attackers to gain administrator privileges, and a privilege escalation flaw enabling command execution with root privileges. Despite the company's assurance of limited impact, threat monitoring indicates widespread vulnerability, with over 2,700 devices at risk. Additionally, a critical flaw in the Expedition firewall configuration tool was exploited earlier, highlighting the ongoing challenge of securing Palo Alto Networks devices against emerging threats.


Key Facts

Risks:

Zero-Day, Privilege Escalation, Patch Management

Keywords:

Palo Alto Networks, PAN-OS, Firewall Vulnerabilities, Authentication Bypass, Privilege Escalation

CVE:

CVE-2024-0012; CVE-2024-9474; CVE-2024-5910; CVE-2024-3400

Affected:

Palo Alto Networks firewalls, PAN-OS, Expedition firewall configuration tool


Article Body

Recent Exploitation of Palo Alto Networks Firewalls

Hackers have taken advantage of vulnerabilities in Palo Alto Networks firewalls, compromising over 2,000 devices. These attacks exploited two recently patched zero-day vulnerabilities, each posing significant security risks.

Key Vulnerabilities

  1. Authentication Bypass in PAN-OS: One of the vulnerabilities is an authentication bypass in the PAN-OS management web interface. This flaw allows remote attackers to gain administrator privileges, potentially giving them control over the firewall.

  2. Privilege Escalation in PAN-OS: The second vulnerability is a privilege escalation issue, which lets attackers execute commands on the firewall with root privileges. This means attackers can act as the underlying system's superuser, significantly increasing the potential damage.

Scope and Impact

While Palo Alto Networks has claimed that only a small number of their PAN-OS firewalls are affected, threat monitoring platforms like Shadowserver report otherwise. They have identified over 2,700 vulnerable PAN-OS devices and noted that approximately 2,000 firewalls have been compromised since the attacks began.

Previous Related Vulnerabilities

Earlier in November, a critical missing-authentication flaw in the Expedition firewall configuration migration tool was also exploited. That flaw, patched back in July, could be used to reset application admin credentials on exposed Expedition servers. Additionally, earlier in the year, another severe PAN-OS firewall vulnerability impacted over 82,000 devices, emphasizing the ongoing challenge of securing these systems.

Remediation Efforts

Palo Alto Networks has been proactive in addressing these issues by releasing patches and advising customers to restrict access to their firewalls. It's crucial for organizations using these firewalls to apply the latest updates and follow best practices in access management to mitigate the risks posed by these vulnerabilities.


Read More

https://www.bleepingcomputer.com/news/security/over-2-000-palo-alto-firewalls-hacked-using-recently-patched-bugs/