Palo Alto Releases Critical Security Bulletin for Firewall Devices
EDIT: This remediation is outdated, and organisations are instructed to follow the advice in the High Severity Cyber Alert CC-4578
Summary
EDIT: This remediation is outdated, and organisations are instructed to follow the advice in the High Severity Cyber Alert CC-4578
Affected platforms
The following platforms are known to be affected:
Threat details
This Cyber Alert has been superseded by CC-4578.
The information in this Cyber Alert is outdated: the description of the vulnerability and the remediation have changed. Organisations must follow the remediation advice in CC-4578.
Introduction
Palo Alto has issued a critical severity security bulletin for an unauthenticated remote command execution vulnerability affecting the management interface for firewall devices.
The vulnerability is still under investigation by Palo Alto and has not yet received a CVE designation. Palo Alto has tentatively given the vulnerability an initial CVSSv4 score of 9.3. However, if access to the management interface is restricted to trusted internal IP addresses, the CVSSv4 score is reduced to 7.5.
Probable exploitation of unauthenticated RCE vulnerability
Palo Alto Networks has observed threat activity exploiting firewall management interfaces exposed to the internet and is preparing to release fixes and threat prevention signatures.
Remediation advice
EDIT: This remediation is outdated, and organisations are instructed to follow the advice in the High Severity Cyber Alert CC-4578
Affected organisations are encouraged to review the Palo Alto Security Bulletin PAN-SA-2024-0015 and verify that the management interface is configured correctly. Palo Alto has not released security updates but advises customers to follow its guidance on securing access to the management interface to reduce the risk of exploitation.
For best practice deployment guidelines, follow the steps in Palo Alto's blog How to Secure the Management Access of Your Palo Alto Networks Device and ensure that access to the management interface is possible only from trusted internal IP addresses and not from the Internet.
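One way to check a management-interface allowlist against the "trusted internal IP addresses only" guidance above. This is an added example, not code from Palo Alto or from this alert. It assumes the permitted source addresses have been copied out as a plain list of IP/CIDR strings, treats RFC 1918 and IPv6 unique-local ranges as "internal", and treats an empty list as unrestricted; the function name and sample entries are constructed for illustration.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 or IPv6 unique-local space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def audit_allowlist(entries):
    """Return (entry, finding) pairs for allowlist entries that need review.

    An empty allowlist is reported too: this example assumes that having
    no restriction means the interface accepts any source address.
    """
    if not entries:
        return [("<empty>", "no source restriction configured")]
    findings = []
    for raw in entries:
        try:
            # strict=False accepts host bits, e.g. 172.16.0.0/11 -> 172.0.0.0/11
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "not a valid IP address or CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "matches every address"))
        elif not any(net.version == i.version and net.subnet_of(i)
                     for i in INTERNAL_NETS):
            findings.append((raw, "not contained in an internal range"))
    return findings


# Constructed sample allowlist (private and documentation ranges only).
SAMPLE = ["10.20.0.0/24", "192.168.1.10", "203.0.113.0/24",
          "0.0.0.0/0", "172.16.0.0/11", "mgmt-net"]

if __name__ == "__main__":
    for entry, finding in audit_allowlist(SAMPLE):
        print(f"REVIEW {entry}: {finding}")
```

The 172.16.0.0/11 entry is flagged because the mask is one bit too short and the range spills outside 172.16.0.0/12, the kind of typo that quietly widens an allowlist.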
Remediation steps
Type | Step |
---|---|
Action | To find assets that require remediation action, visit the Assets section of Customer Support Portal at https://support.paloaltonetworks.com (Products → Assets → All Assets → Remediation Required). |
Action | Devices with an internet-facing management interface discovered in Palo Alto's scans are tagged with PAN-SA-2024-0015. If no such devices are listed, it indicates their scan did not find any devices with an internet-facing management interface for your account. |
Definitive source of threat updates
Last edited: 18 November 2024 5:06 pm