Palo Alto Networks Patches Critical Firewall Vulnerability

News

Written by

Photo of Kevin Poireault

Kevin Poireault

Reporter, Infosecurity Magazine

Palo Alto Networks has released a security patch to fix a critical vulnerability in instances of its firewall management interfaces.

The security vendor disclosed the flaw on November 8 and later confirmed evidence of in-the-wild exploitation. It was initially tracked by Palo Alto as PAN-SA-2024-0015.

It has now been allocated a common vulnerabilities and exposures (CVE) number, CVE-2024-12.

Critical, Actively Exploited Vulnerability

The vulnerability is an authentication bypass found in the PAN-OS management web interface used to manage Palo Alto’s next-generation firewalls (NGFWs).

It affects PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1 and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted.

Exploiting this flaw could enable an unauthenticated attacker network access to the management web interface. With this access they could gain PAN-OS administrator privileges to perform administrative actions and tamper with the configuration.

Palo Alto gave the flaw a common vulnerability severity score (CVSS) of 9.3, meaning it is critical.

The vendor also said on November 14 that it “observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.”

Palo Alto Networks: Patch Urgently

A patch was released on November 18 for the following versions: PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1 and all later PAN-OS versions.

This patch also fixes CVE-2024-9474, another vulnerability in PAN-OS disclosed on November 18.

The vendor said that Palo Alto NGFW users with these versions should urgently patch it.

“In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases,” said the Palo Alto advisory.

The vendor also said that the risk of this issue can be reduced by restricting access to the management web interface to only trusted internal IP addresses.

Read now: A Guide to Zero-Day Vulnerabilities and Exploits for the Uninitiated

Photo credit: Mojahid Mottakin/viewimage/Shutterstock

You may also like

  1. Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

    News

  2. Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

    News

  3. 25 Years On, Firewalls are Still Burning Bright

    Opinion

  4. Researchers Publish PoC for Docker Escape Bug

    News

  5. Lost in Translation? Managing Mixed Firewall Estates

    Opinion

What’s hot on Infosecurity Magazine?