{"id":36425,"date":"2024-11-16T09:05:31","date_gmt":"2024-11-16T08:05:31","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=36425"},"modified":"2024-11-16T09:05:36","modified_gmt":"2024-11-16T08:05:36","slug":"cisa-warns-about-attacks-on-0-day-vulnerability-in-palo-alto-networks-firewalls","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/11\/16\/cisa-warns-about-attacks-on-0-day-vulnerability-in-palo-alto-networks-firewalls\/","title":{"rendered":"CISA warns about attacks on 0 day vulnerability in Palo Alto Networks firewalls"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Security (Pexels, general use)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/11\/16\/bsi-cisa-warnung-angriffe-auf-ungepatchte-schwachstelle-in-firewalls-von-palo-alto-networks\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]An unpatched vulnerability (0-day) exists in the firewalls of Palo Alto Networks. The management interface can be accessed via this vulnerability. This 0-day vulnerability is already being exploited for attacks. Both the BSI and the US authority CISA have issued a warning: customers should secure their firewalls immediately.<\/p>\n<p><!--more--><\/p>\n<h2>Warning about a 0-day vulnerability<\/h2>\n<p>The warning about an unpatched vulnerability in Palo Alto Networks firewalls can be found in several places on the internet. 
I noticed the following <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">warning<\/a> from US CISA, yesterday, November 15, 2024.<\/p>\n<p><a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/B6P84xcr\/image.png\" alt=\"0-day in Palo Alto Networks firewalls\" width=\"596\" height=\"507\" \/><\/a><\/p>\n<p>In a <a href=\"https:\/\/security.paloaltonetworks.com\/PAN-SA-2024-0015\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> a few days ago, the manufacturer had previously announced a potential threat from a vulnerability in its firewall management interface. The US authority CISA warns in <a href=\"https:\/\/x.com\/CISACyber\/status\/1857149329397497980\" target=\"_blank\" rel=\"noopener\">this tweet<\/a> and refers to the <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">vulnerability catalog<\/a> with exploited vulnerabilities.<\/p>\n<h2>Vulnerability CVE-2024-9463<\/h2>\n<p>There is a command injection vulnerability <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-9463\" target=\"_blank\" rel=\"noopener\">CVE-2024-9463<\/a> (CVSSv4.0 Base Score: 9.3) in Palo Alto Networks Expedition OS that allows an unauthenticated attacker to execute arbitrary operating system commands as root in Expedition, resulting in the disclosure of usernames, plaintext passwords, device configurations and device API keys of PAN-OS firewalls.<\/p>\n<h2>Attacks observed<\/h2>\n<p>Palo Alto Networks then updated its <a href=\"https:\/\/security.paloaltonetworks.com\/PAN-SA-2024-0015\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> on November 14, 2024. The manufacturer now points out that attacks on vulnerable devices are taking place. 
According to the advisory, a limited number of attacks on firewalls whose management interface is accessible on the internet have been confirmed. The urgency of the matter has therefore been raised to the highest level.<\/p>\n<p>The manufacturer is not currently providing any details about the affected versions or devices. However, all models that do not secure the management interface according to best practices and therefore expose it to the outside world are said to be potentially at risk.<\/p>\n<p>Information on what to do to secure the management interface (isolate it from accessibility via the Internet) can be found in the <a href=\"https:\/\/security.paloaltonetworks.com\/PAN-SA-2024-0015\" target=\"_blank\" rel=\"noopener\">Security Advisory<\/a>. Palo Alto Networks has also published the document <a href=\"https:\/\/live.paloaltonetworks.com\/t5\/community-blogs\/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo\/ba-p\/464431\">Tips &amp; Tricks:<\/a> <a href=\"https:\/\/live.paloaltonetworks.com\/t5\/community-blogs\/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo\/ba-p\/464431\" target=\"_blank\" rel=\"noopener\">How to Secure the Management Access of Your Palo Alto Networks Device<\/a> with instructions on how to secure it. Administrators should therefore act immediately.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]An unpatched vulnerability (0-day) exists in the firewalls of Palo Alto Networks. The management interface can be accessed via this vulnerability. This 0-day vulnerability is already being exploited for attacks. 
Both the BSI and the US authority CISA have issued &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/11\/16\/cisa-warns-about-attacks-on-0-day-vulnerability-in-palo-alto-networks-firewalls\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[69,1544],"class_list":["post-36425","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=36425"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36425\/revisions"}],"predecessor-version":[{"id":36426,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36425\/revisions\/36426"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=36425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=36425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=36425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}