Palo Alto Networks has warned that attackers are exploiting two zero-day vulnerabilities in the management web interface of its PAN-OS firewalls, potentially giving them administrative control over affected devices.
The company first disclosed the problem under advisory PAN-SA-2024-0015, describing a remote command execution zero-day in the PAN-OS management interface that was already being exploited in the wild. No patch was available at the time of that initial advisory.
The picture has since become clearer, with Palo Alto Networks’ Unit 42 threat intelligence team reporting ongoing attacks against two distinct vulnerabilities in the vendor’s management web interface. The first, now tracked as CVE-2024-0012, is an authentication bypass that lets an unauthenticated attacker with network access to the interface obtain PAN-OS administrator privileges. The second, tracked as CVE-2024-9474, is a privilege escalation flaw that lets a PAN-OS administrator with access to the management web interface perform actions on the firewall with root privileges.
Unit 42 has codenamed the attack activity associated with CVE-2024-0012 “Operation Lunar Peek.” Exploitation was assessed as limited at the time of the report, and patches have since been released for both vulnerabilities.
Multiple organizations have reportedly been compromised in exploitation attempts, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to add both vulnerabilities to its Known Exploited Vulnerabilities catalog. The Shadowserver Foundation also reported observing over 6,000 exploitation attempts against PAN-OS management interfaces within a short period.
Another security vendor, WatchTowr Labs, published a technical analysis of the two vulnerabilities in a blog post, noting how frequently attackers target flaws in SSL VPN appliances and criticizing Palo Alto Networks for shipping software containing such critical vulnerabilities.
While Unit 42 did not explicitly confirm that the two vulnerabilities were exploited together, WatchTowr suggested that they form an exploit chain: the authentication bypass provides an administrator session, and the privilege escalation turns that into root. Tenable echoed that assessment, warning that chaining the two could give an unauthenticated attacker root privileges on the firewall.
Palo Alto Networks has urged affected customers to apply the fixed PAN-OS releases as soon as possible. It also stressed that the risk is greatly reduced when the management interface is not exposed to the internet: following the vendor’s deployment guidelines, access to the management interface should be restricted to trusted internal IP addresses, so that the vulnerabilities can only be reached by someone who already has a foothold on the management network.
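Triage starts with knowing which firewalls are still on a vulnerable release. PAN-OS version strings carry a hotfix suffix (for example 11.1.5-h1), so a naive string comparison gets this wrong: 11.1.5 without a hotfix is older than 11.1.5-h1 and is therefore still vulnerable. The following script is an added example, not code from Palo Alto Networks or from the article; it parses version strings as printed by the `sw-version` line of the PAN-OS `show system info` command and compares them per release branch. The fixed-version table is an assumption taken from the vendor advisory at the time of writing and must be checked against the current advisory; the sample inventory lines are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# ASSUMPTION: fixed releases per branch for CVE-2024-0012 / CVE-2024-9474 as
# listed in Palo Alto Networks' advisory at the time of writing. Verify against
# the current advisory before relying on this table; branches not listed here
# are reported as "unknown" rather than guessed.
FIXED_VERSIONS: Dict[str, str] = {
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}

# major.minor.patch with an optional "-h<n>" hotfix suffix, e.g. "11.1.4-h7".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn a PAN-OS version string into a comparable tuple.

    A release without a hotfix suffix is treated as hotfix 0, so that
    "11.1.5" < "11.1.5-h1" under ordinary tuple comparison.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_patched(version: str) -> Optional[bool]:
    """True if the release is at or above the fix on its branch, False if it
    is older, None if the branch is not in FIXED_VERSIONS."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None
    return parsed >= parse_version(fixed)


def extract_sw_version(show_system_info: str) -> str:
    """Pull the sw-version field out of captured 'show system info' output."""
    for line in show_system_info.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    raise ValueError("no sw-version line found in captured output")


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> 'patched' | 'vulnerable' | 'unknown' from captured CLI output."""
    result: Dict[str, str] = {}
    for host, output in inventory.items():
        status = is_patched(extract_sw_version(output))
        result[host] = "unknown" if status is None else ("patched" if status else "vulnerable")
    return result


# Constructed sample output: the relevant lines of 'show system info' from
# several hypothetical firewalls (hostnames and versions are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-edge-01": "hostname: fw-edge-01\nsw-version: 11.1.4-h7\n",   # pre-fix hotfix, still vulnerable
    "fw-edge-02": "hostname: fw-edge-02\nsw-version: 11.1.5-h1\n",   # exactly the fixed release
    "fw-dc-01":   "hostname: fw-dc-01\nsw-version: 10.2.12\n",       # same patch level, missing hotfix
    "fw-lab-01":  "hostname: fw-lab-01\nsw-version: 12.1.0\n",       # branch not in table
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Feeding the script real `show system info` captures is the quickest way to get a defensible list of hosts that still need the fixed release; anything reported as "unknown" should be checked manually against the advisory rather than assumed safe.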
Taken together, these zero-days are a reminder that firewall management interfaces are high-value targets: organizations should apply the fixed releases promptly and keep management access off the internet. Palo Alto Networks says it is continuing to work with customers to address the issue and protect their networks.