Palo Alto Networks says that customer devices could be under threat from an actively targeted critical security flaw.
Dubbed CVE-2024-0012, the vulnerability allows for authentication bypass on PAN-OS appliances. The security flaw has been given a severity rating of 9.3 and has been designated as "critical" by Palo Alto.
While the bug has been given a critical rating and Palo Alto recommends administrators patch ASAP, there are some mitigations that give reason not to panic just yet. For starters, Palo Alto already has instructions for updating PAN-OS and sealing off the flaw.
Additionally, the vulnerability is not remotely exploitable over the open internet. This means an attacker would already need access to the internal network to reach the vulnerable components.
The vendor said that the flaw was brought to its attention when its own Unit 42 threat research team spotted activity in the wild targeting the bug.
“An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474,” Unit 42 explained.
The researchers note that only PAN-OS versions 10.2, 11.0, 11.1, and 11.2 are subject to the flaw, while Cloud NGFW and Prisma Access remain safe.
Unit 42 also says that administrators can mitigate the potential for attack by limiting access to the web management interface to devices that are within the internal network.
“If you haven’t already, Palo Alto Networks also strongly recommends that customers secure access to your management interface according to our recommended best practice deployment guidelines,” the Palo Alto team explained.
“Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the Internet. The vast majority of firewalls already follow Palo Alto Networks and industry best practices.”
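As an added illustration (not code from Palo Alto Networks or the original article), the Python sketch below triages a firewall inventory against the two facts given above: the affected release trains and the advice to limit management access to trusted internal addresses. The inventory, field names, priority labels and trusted ranges are constructed, and treating an empty allow-list as unrestricted is an assumption.

```python
import ipaddress

# Release trains the article lists as affected. Fixed builds are not given on
# the page, so a match only means "check the vendor advisory for this device".
AFFECTED_TRAINS = {"10.2", "11.0", "11.1", "11.2"}

# Constructed inventory; field names and values are hypothetical.
INVENTORY = [
    {"name": "fw-edge-01", "version": "11.1.2", "mgmt_allow": []},
    {"name": "fw-dc-02", "version": "10.2.7-h3", "mgmt_allow": ["10.20.0.0/24"]},
    {"name": "fw-lab-03", "version": "10.1.9", "mgmt_allow": ["0.0.0.0/0"]},
    {"name": "fw-br-04", "version": "11.2.0",
     "mgmt_allow": ["192.168.5.10", "203.0.113.0/24"]},
]

def release_train(version):
    """Return 'major.minor' from a version string such as '10.2.7-h3'."""
    return ".".join(version.split(".")[:2])

def untrusted_sources(allow_list, trusted_nets):
    """Return allow-list entries that are not fully inside a trusted network.
    An empty allow-list is treated as unrestricted (assumption)."""
    if not allow_list:
        return ["<any>"]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    bad = []
    for entry in allow_list:
        net = ipaddress.ip_network(entry, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            bad.append(entry)
    return bad

def triage(inventory, trusted_nets):
    """Return (name, priority, untrusted entries) for each device."""
    rows = []
    for dev in inventory:
        affected = release_train(dev["version"]) in AFFECTED_TRAINS
        exposed = untrusted_sources(dev["mgmt_allow"], trusted_nets)
        if affected:
            priority = "urgent" if exposed else "patch"
        else:
            priority = "restrict" if exposed else "ok"
        rows.append((dev["name"], priority, exposed))
    return rows

if __name__ == "__main__":
    for row in triage(INVENTORY, ["10.0.0.0/8", "192.168.0.0/16"]):
        print(row)
```

Devices marked "urgent" sit in an affected release train and accept management connections from addresses outside the trusted ranges, so they are the ones to restrict and patch first.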
In disclosing the bug, the Unit 42 crew made one particularly interesting point. In this case, and many others, an authentication bypass bug can be chained with a seemingly minor issue, such as an elevation-of-privilege flaw, to create a single script that would allow a threat actor to completely take over a system.
Experts have long urged administrators and security professionals not to ignore fixes for lower-rated bugs for precisely this reason. Multiple low-rated flaws can be chained together to create a far more dangerous exploit.