PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Palo Alto Networks has issued a critical security advisory regarding a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls.
The advisory, released on November 8, 2024, warns customers to restrict access to their firewall management interfaces due to this unconfirmed security threat.
While specific details about the vulnerability are still under investigation, Palo Alto Networks has emphasized that they actively monitor for signs of exploitation. At present, no active exploitation has been detected.
However, the company strongly recommends that customers ensure their management interface access is configured correctly, following best practice deployment guidelines.
Shadowserver has conducted scans to identify exposed PAN-OS management interfaces. Alarmingly, approximately 11,000 IP addresses with exposed management interfaces have been discovered.
Palo Alto published an advisory on 2024-10-08 warning of a claim of an RCE via the PAN-OS management interface. While no exploitation activity has yet been observed, we added fingerprinting for exposed PAN-OS mgmt interfaces in our Device ID report.
We see around 11K IPs exposed pic.twitter.com/aI2TZbSxSc
— The Shadowserver Foundation (@Shadowserver) November 11, 2024
This significant number of potentially vulnerable systems underscores the urgency of implementing proper security measures.
Palo Alto Networks advises customers to limit access to the management interface to trusted internal IP addresses only and not expose it to the internet. The company believes that Prisma Access and cloud NGFW are unaffected by this potential vulnerability.
To mitigate the risk, administrators are encouraged to take several precautionary measures:
Customers using Cortex Xpanse and Cortex XSIAM with the ASM module can investigate internet-exposed instances by reviewing alerts generated by the Palo Alto Networks Firewall Admin Login attack surface rule.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed
Author: Guru BaranPalo Alto Networks has issued a critical security advisory regarding a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls.
The advisory, released on November 8, 2024, warns customers to restrict access to their firewall management interfaces due to this unconfirmed security threat.
While specific details about the vulnerability are still under investigation, Palo Alto Networks has emphasized that they actively monitor for signs of exploitation. At present, no active exploitation has been detected.
However, the company strongly recommends that customers ensure their management interface access is configured correctly, following best practice deployment guidelines.
Shadowserver has conducted scans to identify exposed PAN-OS management interfaces. Alarmingly, approximately 11,000 IP addresses with exposed management interfaces have been discovered.
Palo Alto published an advisory on 2024-10-08 warning of a claim of an RCE via the PAN-OS management interface. While no exploitation activity has yet been observed, we added fingerprinting for exposed PAN-OS mgmt interfaces in our Device ID report.
We see around 11K IPs exposed pic.twitter.com/aI2TZbSxSc
— The Shadowserver Foundation (@Shadowserver) November 11, 2024
This significant number of potentially vulnerable systems underscores the urgency of implementing proper security measures.
Palo Alto Networks advises customers to limit access to the management interface to trusted internal IP addresses only and not expose it to the internet. The company believes that Prisma Access and cloud NGFW are unaffected by this potential vulnerability.
To mitigate the risk, administrators are encouraged to take several precautionary measures:
- Isolate the management interface on a dedicated management VLAN
- Use jump servers for accessing the management IP
- Limit inbound IP addresses to approved management devices
- Permit only secure communication protocols such as SSH and HTTPS
- Allow PING solely for testing connectivity.
Customers using Cortex Xpanse and Cortex XSIAM with the ASM module can investigate internet-exposed instances by reviewing alerts generated by the Palo Alto Networks Firewall Admin Login attack surface rule.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
