Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

https://firewall.firm.in/wp-content/uploads/2024/11/paloaltonetworks-exploit.png

Nov 16, 2024Ravie LakshmananVulnerability / Network Security

PAN-OS Firewall Vulnerability

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild.

To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP addresses that are accessible over the internet –

  • 136.144.17[.]*
  • 173.239.218[.]251
  • 216.73.162[.]*
Cybersecurity

The company, however, warned that these IP addresses may possibly represent “third-party VPNs with legitimate user activity originating from these IPs to other destinations.”

Palo Alto Networks’ updated advisory indicates that the flaw is being exploited to deploy a web shell on compromised devices, allowing threat actors to gain persistent remote access.

The vulnerability, which is yet to be assigned a CVE identifier, carries a CVSS score of 9.3, indicating critical severity. It allows for unauthenticated remote command execution.

According to the company, the vulnerability requires no user interaction or privileges to exploit, and its attack complexity has been deemed “low.”

That said, the severity of the flaw drops to high (CVSS score: 7.5) should access to the management interface be restricted to a limited pool of IP addresses, in which case the threat actor will have to obtain privileged access to those IPs first.

On November 8, 2024, Palo Alto Networks began advising customers to secure their firewall management interfaces amid reports of a remote code execution (RCE) flaw. It has since been confirmed that the mysterious vulnerability has been abused against a “limited number” of instances.

There are currently no details on how the vulnerability came to light, the threat actors behind the exploitation, and the targets of these attacks. Prisma Access and Cloud NGFW products are not impacted by the flaw.

Cybersecurity

Patches for the vulnerability are yet to be released, making it imperative that users take immediate steps to secure access to the management interface, if not already.

The advisory comes as three different critical flaws in the Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465) have come under active exploitation, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). At this stage, there is no evidence to suggest that the activities are related.

(This is a developing story. Please check back for more updates.)

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket