PAN-OS vulnerabilities actively exploited
Palo Alto Networks has recently disclosed two zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474, affecting the PAN-OS firewall and other products. Both flaws, which are actively being exploited in the wild, affect the Management Web Interface. Successful exploitation allows attackers to bypass authentication and gain administrator-level access without any user interaction.
Common Vulnerabilities and Exposures
Background
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability (CVE-2024-9474) is an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability (CVE-2024-0012) is an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Fortinet customers remain protected through the Intrusion Prevention Service (IPS), and Fortinet has additionally blocked all related known IOCs. FortiGuard Labs advises organizations to apply the latest security updates to fully mitigate any risks. Fixes for both vulnerabilities are available. Please refer to the Palo Alto Networks Security Advisories listed below.
- February 18, 2025: Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 (a recently disclosed authentication bypass vulnerability) with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.
  https://security.paloaltonetworks.com/CVE-2025-0108
- November 21, 2024: Shadowserver reported that approximately 2,000 have been compromised since the start of this ongoing campaign.
  https://bsky.app/profile/shadowserver.bsky.social/post/3lbh6k7p7pc27
- November 18, 2024: CISA added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
  https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- November 18, 2024: Palo Alto Networks published PAN-OS Management Interface OS Command Injection Vulnerability (CVE-2024-9474).
  https://security.paloaltonetworks.com/CVE-2024-9474
- November 08, 2024: Palo Alto Networks published Authentication Bypass in the Management Web Interface (CVE-2024-0012).
  https://security.paloaltonetworks.com/CVE-2024-0012
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- IPS
- Web App Security
- Web & DNS Filter
- Botnet C&C
- IOC
- Outbreak Detection
- Threat Hunting
- Cloud Threat Detection
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.