www.techtarget.com
104.18.18.71
Public Scan
Submitted URL: https://go.techtarget.com/r/305558817/45451293
Effective URL: https://www.techtarget.com/searchsecurity/news/366616076/2-Palo-Alto-Networks-zero-day-vulnerabilities-under-attack?utm_cam...
Submission: On November 26 via api from CA — Scanned from CA
Form analysis
1 forms found in the DOM
POST https://www.techtarget.com/search
<form action="https://www.techtarget.com/search" method="post" class="header-search">
<label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
<input class="header-search-input ui-autocomplete-input" id="header-search-input" autocomplete="off" type="text" placeholder="Search the TechTarget Network">
<button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
</form>
Text Content
2 Palo Alto Networks zero-day vulnerabilities under attack

CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week.

By Arielle Waldman, News Writer
Published: 19 Nov 2024

Palo Alto Networks warned that attackers are now exploiting two zero-day vulnerabilities in its firewall management interfaces that could let threat actors gain highly privileged access.

Last week, Palo Alto Networks disclosed that an unauthenticated remote command execution zero-day vulnerability it tracked as PAN-SA-2024-0015 was under attack.
At the time, the vulnerability, which affects PAN-OS firewall software, remained unpatched and was not assigned a CVE.

The threat has escalated this week. In research published on Monday, Palo Alto Networks' Unit 42 detailed an investigation into ongoing attacks against two zero-day vulnerabilities in the vendor's web management interface. The first is PAN-SA-2024-0015, now tracked as CVE-2024-0012, and the second is a privilege escalation vulnerability tracked as CVE-2024-9474.

The security vendor said it is tracking threat activity related to CVE-2024-0012 under the name "Operation Lunar Peek." So far, Palo Alto said exploitation has been limited, and patches have been released for both flaws.

"An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474," Unit 42 wrote in the research post. "Risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines."

Multiple organizations have confirmed exploitation activity. CISA added both flaws to its Known Exploited Vulnerabilities catalog on Monday, giving federal agencies a deadline of Dec. 9 to apply fixes. Additionally, The Shadowserver Foundation, a cybersecurity nonprofit organization, said it has observed more than 6,000 exploitation attempts against Palo Alto's PAN-OS management interface since Monday.

UPDATE: On Thursday, the Shadowserver Foundation provided an update on Mastodon that revealed 2,000 PAN-OS Management Interfaces have been compromised through exploitation of CVE-2024-0012 and CVE-2024-9474.
The cybersecurity organization collaborated with the Saudi National Cybersecurity Authority to obtain information about the exploitation activity. Scans showed compromises primarily affected Palo Alto Networks devices located in the U.S. and India.

Cybersecurity vendor WatchTowr published a blog post Tuesday that detailed the two zero-day vulnerabilities. WatchTowr Labs researchers highlighted how popular SSL VPN flaws are among attackers. For example, earlier this year, attackers exploited another critical zero-day vulnerability in Palo Alto Networks' PAN-OS software, tracked as CVE-2024-3400.

WatchTowr's blog post added that these types of flaws are easy for attackers to exploit "once you know how." Researchers expanded on the timeline and said they've been hearing rumors related to CVE-2024-0012 over the past few weeks. Palo Alto Networks initially published an advisory for PAN-SA-2024-0015 on Nov. 8, saying it was aware of reports about a remote code execution vulnerability via the PAN-OS management interface, but had not confirmed the existence of the flaw at that time.

"Kudos to Palo Alto for warning its customers of a potential bug before confirming it, and releasing patches as soon as possible. The general security posture of the device is such that mitigations were in place to restrict access to the management interface via a strict ruleset of IP whitelisting," WatchTowr Labs researchers wrote.

On the other hand, WatchTowr also criticized Palo Alto Networks for the flaws themselves.

"It's amazing that these two bugs got into a production appliance, amazingly allowed via the hacked-together mass of shell script invocations that lurk under the hood of a Palo Alto appliance," the blog post said.

While Unit 42's research post did not specify that CVE-2024-0012 and CVE-2024-9474 were exploited as part of an exploit chain, WatchTowr said it was strongly suggested.
WatchTowr researchers said they are holding off on releasing a proof-of-concept exploit to give organizations time to patch.

Like WatchTowr, Tenable also said Unit 42's description implies that attackers are chaining the two zero-day vulnerabilities. The security company published a blog post Monday that expanded on the flaws. Tenable warned that the exploit chain could let attackers gain root privileges on firewalls.

Tenable said it also believes that CVE-2024-9474 is part of Operation Lunar Peek, though Palo Alto Networks has not shared additional details.

Palo Alto Networks provided the following statement to TechTarget Editorial:

> These vulnerabilities could allow attackers to take control of firewalls if
> they have access to the management interface; internet-exposed management
> interfaces are at significantly higher risk. We are actively working with
> impacted customers and urge all organizations to immediately determine if
> their firewalls are at risk and apply the security patches as detailed in
> Security Advisory PAN-SA-2024-0015. Palo Alto Networks is committed to
> supporting the security of our customers.

This article was updated on 11/21/2024.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.