I blogged about this one earlier in the week, but all organisations need to be aware that the latest Palo Alto vulnerability (CVE-2024-0012) is as serious as it gets, and need to patch it ASAP (even better: remove management interfaces from being internet-facing as well). I'm seeing (and pwning) Palo Alto network devices everywhere during engagements using this vulnerability. Here is a screenshot below from an engagement I was working on just yesterday...
It's dead simple to exploit, you don't need an account at all (unauthenticated), and it gives an attacker direct access to the firewall (and VPN if configured), resulting in network access for an adversary.
More info on just how widely it's being exploited:
And lastly, if you would like a pentest to confirm whether your environment is vulnerable, please reach out!