Palo Alto Networks reveals two zero-day vulnerabilities in its PAN-OS-based firewalls, leading to active exploitation by hackers. Proper restrictions on Web interface access are crucial.
The two vulnerabilities, CVE-2024-0012 and CVE-2024-9474, allow for authentication bypass and privilege escalation, respectively, providing attackers with admin privileges and command execution capabilities.
Hackers, starting from Nov. 18, are exploiting these vulnerabilities through proxies, which has led to the urgency in advising customers to monitor their systems and update software.
Palo Alto Networks emphasizes that a single patch won't ensure safety and recommends customers actively monitor for persistent threats while considering their security practices.
Collection
[
|
...
]