Palo Alto Networks: ‘Critical’ Firewall Vulnerability Has Seen Exploitation

The flaw, which affects some internet-exposed firewall management interfaces, was initially disclosed Nov. 8.

A critical-severity vulnerability affecting some internet-exposed Palo Alto Networks firewall management interfaces has seen exploitation in cyberattacks, according to the cybersecurity vendor.

Palo Alto Networks, the maker of widely used next-generation firewalls (NGFW), said in an update to a security advisory Thursday that its team has now detected attacks exploiting the remote code execution (RCE) flaw, which had been initially disclosed Nov. 8.

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet,” the company said in the advisory update. “We are actively investigating this activity.”

The vulnerability is tracked with the identifier PAN-SA-2024-0015. As of Thursday, Palo Alto Networks said it believes Prisma Access and Cloud NGFW deployments are not affected.

In the advisory update, the company said it strongly recommends that customers ensure that access to their management interface is correctly configured.

“In particular, we recommend that you immediately ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet,” Palo Alto Networks said.

The vulnerability has received a “critical” severity rating of 9.3 out of 10.0.

In a statement provided to CRN Friday, Palo Alto Networks said that the vulnerability “has been validated since our original release on November 8 in the Security Bulletin which has now been updated.”

“We will continue to monitor the situation closely and encourage customers to review the security bulletin for the latest details,” the company said.