408/67 Monday, November 18, 2024
Palo Alto Networks has confirmed the discovery of a new zero-day vulnerability with a CVSS severity score as high as 9.3, affecting the management interface of PAN-OS firewalls. This vulnerability is actively being exploited for system intrusions. Just one day after confirming the issue, the company released Indicators of Compromise (IoC) to help users quickly detect and defend against these attacks.
The vulnerability allows attackers to execute remote commands without authentication and does not require any user interaction or additional privileges. The attack complexity is considered low, enabling malicious actors to access and install web shells on compromised devices, leading to persistent remote access. However, if access to the management interface is restricted to specific IP ranges, the CVSS score drops to 7.5. Palo Alto Networks has disclosed IoCs, which include IP addresses associated with malicious activities: 136.144.17[.], 173.239.218[.]251, and 216.73.162[.].
The company cautions that these IP addresses may belong to third-party VPNs used for legitimate purposes, so thorough verification is necessary before taking any action. Palo Alto Networks recommends users take the following steps:
- Restrict access to the management interface to only necessary IP address ranges.
- Monitor system activities using the provided IoCs.
- Stay updated with alerts and advisories from the company.
As of now, there is no patch available for this vulnerability. The company is actively developing updates to address the issue and has confirmed that the attacks have only impacted a “limited number” of instances. However, to mitigate further risks, users should immediately secure access to the management interface if they haven’t already done so.
This incident underscores the need for constant vigilance regarding new vulnerabilities and threats, along with the implementation of stringent security policies. If left unaddressed, exploitation of this vulnerability could expose an organization’s network and sensitive data to significant risks.
Source https://thehackernews.com/2024/11/pan-os-firewall-vulnerability-under.html