Security News > 2024 > November > 2,000 Palo Alto Networks devices compromised in latest attacks

2,000 Palo Alto Networks devices compromised in latest attacks
2024-11-21 11:20

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and automated scanning activity has been spotted Approximately two weeks ago, Palo Alto Networks warned that attackers have been spotted leveraging a zero-day flaw to achieve remote code execution on vulnerable devices, and advised admins to … More → The post 2,000 Palo Alto Networks devices compromised in latest attacks appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/21/palo-alto-firewalls-compromised-cve-2024-0012-cve-2024-9474/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-9474 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-78
7.2
7.2
2024-11-18 CVE-2024-0012 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-306
critical
 9.8
9.8