Security News > 2024 > November > Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
2024-11-24 09:00
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Researchers unearth two previously unknown Linux backdoors ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. ScubaGear: Open-source tool to … More → The post Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified appeared first on Help Net Security.
News URL
Related news
- Mysterious Palo Alto firewall reboots? You're not alone (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Attackers are chaining flaws to breach Palo Alto Networks firewalls (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- New Auto-Color Linux backdoor targets North American govts, universities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-9474 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 7.2 |
| 2024-11-18 | CVE-2024-0012 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 9.8 |