- Strong advisory issued urging users to restrict access to the management interfaces of their firewalls to internal networks only.
- PAN has identified that attacks have originated from specific IP addresses, which may be associated with legitimate third-party VPN services, further complicating the threat landscape.
Palo Alto Networks (PAN), a leading cybersecurity firm, has recently confirmed the active exploitation of a critical vulnerability affecting its firewalls, particularly those with management interfaces exposed to the internet.
The zero-day vulnerability, assigned a CVSS severity score of 9.3 out of 10, allows an unauthenticated attacker who can reach the management interface to execute commands remotely, posing a significant risk to organisations relying on PAN's firewalls.
In response, Palo Alto Networks has issued a strong advisory urging users to restrict access to the management interfaces of their firewalls to internal networks only.
The company emphasises that, until a patch is made available, the best course of action is to adhere to its established best practices for securing administrative access.
Mitigation strategy
Specifically, users are encouraged to ensure that access to the management interface is limited to trusted internal IP addresses. Because an attacker would then need privileged network access before reaching the flaw, this lowers the vulnerability's score to 7.5, which is still concerning: the restriction reduces exposure but does not remove the underlying vulnerability, so a patch is still required once available.
The mitigation strategy underscores the importance of proactive security measures in safeguarding critical infrastructure.
The advisory highlights that the majority of firewalls already conform to these recommended best practices. However, devices that do not secure access to their management interfaces face increased risk, particularly as malicious activity has been detected targeting exposed interfaces.
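The following is an added example, not code from the advisory or from Palo Alto Networks, showing how an operator could audit an exported PAN-OS configuration for the recommended restriction and produce the corrective commands. It assumes, from general knowledge of PAN-OS rather than from this page, that the management interface's allowed sources live under `deviceconfig/system/permitted-ip` in the configuration XML, that an empty list means any source may connect, and that `set deviceconfig system permitted-ip <cidr>` is the CLI form of the setting. The sample configuration embedded below is constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed, abridged PAN-OS running-config export. The element path
# deviceconfig/system/permitted-ip is an assumption about PAN-OS layout.
SAMPLE_CONFIG = """<config version="11.0.0">
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <system>
          <hostname>edge-fw-01</hostname>
          <permitted-ip>
            <entry name="0.0.0.0/0"/>
          </permitted-ip>
        </system>
      </deviceconfig>
    </entry>
  </devices>
</config>"""

# Networks the organisation considers trusted management sources (assumed).
TRUSTED_MGMT_NETS = ["10.0.0.0/8"]


def permitted_ips(config_xml: str) -> list[str]:
    """Return the management permitted-ip entries found in a config export."""
    root = ET.fromstring(config_xml)
    return [e.get("name") for e in root.iterfind(".//deviceconfig/system/permitted-ip/entry")]


def audit_permitted_ips(entries: list[str], trusted_nets: list[str]) -> dict:
    """Classify the permitted-ip list as 'unrestricted' or 'restricted' and
    list entries that fall outside the trusted management networks."""
    trusted = [ipaddress.ip_network(n, strict=False) for n in trusted_nets]
    # Assumption: with no permitted-ip entries PAN-OS accepts any source.
    if not entries:
        return {"status": "unrestricted",
                "issues": ["no permitted-ip entries: management interface accepts any source"]}
    issues = []
    unrestricted = False
    for raw in entries:
        net = ipaddress.ip_network(raw, strict=False)
        if net.prefixlen == 0:
            unrestricted = True
            issues.append(f"{raw} allows all sources")
        elif not any(net.subnet_of(t) for t in trusted if t.version == net.version):
            issues.append(f"{raw} is outside trusted networks")
    return {"status": "unrestricted" if unrestricted else "restricted", "issues": issues}


def remediation_commands(trusted_nets: list[str]) -> list[str]:
    """Build PAN-OS configure-mode commands that replace the permitted-ip list
    with the trusted networks (CLI syntax assumed, not from the advisory)."""
    cmds = ["delete deviceconfig system permitted-ip"]
    cmds += [f"set deviceconfig system permitted-ip {n}" for n in trusted_nets]
    cmds.append("commit")
    return cmds


if __name__ == "__main__":
    found = permitted_ips(SAMPLE_CONFIG)
    result = audit_permitted_ips(found, TRUSTED_MGMT_NETS)
    print("permitted-ip entries:", found)
    print("status:", result["status"])
    for issue in result["issues"]:
        print("  -", issue)
    if result["status"] != "restricted" or result["issues"]:
        print("suggested remediation:")
        for c in remediation_commands(TRUSTED_MGMT_NETS):
            print("  ", c)
```

Restricting source addresses is only one layer; the advisory's point is that the interface should not be reachable from the internet at all, so the permitted-ip list should complement a dedicated management network or jump host rather than replace it.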
Presence of malicious code
PAN has identified that attacks have originated from specific IP addresses, which may be associated with legitimate third-party VPN services, further complicating the threat landscape.
Moreover, malicious code has already been found on affected devices, which underscores the urgency of implementing the recommended security measures and of checking exposed firewalls for signs of compromise rather than assuming they are clean.
In addition to this critical vulnerability, Palo Alto Networks has disclosed further weaknesses in its software, including vulnerabilities in the Expedition migration tool for firewall configurations.
These vulnerabilities, which include OS command injection and SQL injection flaws, could allow attackers to gain unauthorised access to sensitive information held by the tool, including usernames, passwords, and device configurations.
Such revelations highlight the ongoing challenges faced by cybersecurity firms in maintaining the integrity of their products against evolving threats.