The original post: /r/cybersecurity by /u/blackpoint_APG on 2024-11-15 16:35:42.

A newly disclosed remote code execution (RCE) vulnerability (PAN-SA-2024-0015) in Palo Alto firewalls is actively being exploited, with a critical CVSS score of 9.3. Threat actors are targeting exposed management interfaces, leveraging low-complexity, automated attacks.

No Patch Yet: Palo Alto urges organizations to restrict public access to management interfaces immediately.

Why it matters:

This vulnerability threatens network security, allowing attackers to modify firewall rules, access sensitive data, and pivot within networks.

Threat actors are likely to target this vulnerability for initial access to target organizations. Additionally, threat actors likely will exploit the vulnerability to manipulate network traffic, create new firewall rules, or redirect traffic to other areas of the network providing a method for lateral movement through the network.

Action Needed Now:

Secure your interfaces per Palo Alto’s recommendations to mitigate risk.

Relevant Links:

• Palo Alto Advisory