REDLEGG BLOG

Emergency Security Bulletin: PAN-OS Management Interface Remote Code Execution Vulnerability

11/15/24 4:03 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

PAN-OS Management Interface Remote Code Execution Vulnerability

CVSS Score: 9.8 (Critical)
Identifier: PAN-SA-2024-0015 (No CVE assigned)
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: PAN-SA-2024-0015 – Palo Alto Networks Security Advisory

Description: PAN-SA-2024-0015 is a critical vulnerability affecting the management interface of PAN-OS, which is used in Palo Alto Networks' firewall products. The flaw allows remote attackers to execute arbitrary code on vulnerable devices. Exploitation of this vulnerability could result in unauthorized access, system compromise, and potential data breaches. Palo Alto Networks has observed limited exploitation of this vulnerability targeting devices with management interfaces exposed to the Internet.

Mitigation Recommendation: Restrict access to the management interface to trusted internal IP addresses and ensure it is not accessible from the Internet. Follow Palo Alto Networks' best practice deployment guidelines and apply any updates or patches as recommended in the official advisory. Immediate action is strongly advised to prevent further exploitation. For detailed guidance, refer to the Palo Alto Networks Security Advisory https://security.paloaltonetworks.com/PAN-SA-2024-0015.
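To check the recommendation above across a fleet, the following added example (not from RedLegg or Palo Alto Networks) audits an inventory for management addresses and source allowlists that reach beyond trusted internal ranges. The inventory format, device names, the use of RFC 1918 space as "trusted internal", and the treatment of an empty allowlist as unrestricted are all assumptions.

```python
import ipaddress

# Assumption: RFC 1918 space stands in for the "trusted internal" networks.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory (hypothetical devices). Public-looking values are
# RFC 5737 documentation addresses, not real hosts.
INVENTORY = [
    {"name": "fw-hq-01", "mgmt_ip": "10.20.0.5", "permitted": ["10.20.0.0/24"]},
    {"name": "fw-branch-02", "mgmt_ip": "203.0.113.10", "permitted": ["10.0.0.0/8"]},
    {"name": "fw-dc-03", "mgmt_ip": "192.168.50.2", "permitted": ["0.0.0.0/0"]},
    {"name": "fw-lab-04", "mgmt_ip": "172.16.9.1", "permitted": []},
    {"name": "fw-dr-05", "mgmt_ip": "10.30.0.5",
     "permitted": ["10.30.0.0/24", "198.51.100.0/24"]},
]


def is_internal(net):
    """True if the network lies entirely inside one trusted range."""
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)


def audit(device):
    """Return the findings for one device's management-interface exposure."""
    findings = []
    mgmt = ipaddress.ip_network(device["mgmt_ip"])  # single host, /32
    if not is_internal(mgmt):
        findings.append(f"management address {device['mgmt_ip']} is not internal")
    if not device["permitted"]:
        # Assumption: an empty allowlist means no source restriction at all.
        findings.append("no source allowlist configured")
    for entry in device["permitted"]:
        net = ipaddress.ip_network(entry, strict=False)
        if not is_internal(net):
            findings.append(f"allowlist entry {net} extends beyond trusted ranges")
    return findings


def exposed_devices(inventory):
    """Names of devices with at least one finding, in inventory order."""
    return [d["name"] for d in inventory if audit(d)]


if __name__ == "__main__":
    for d in INVENTORY:
        for finding in audit(d):
            print(f"{d['name']}: {finding}")
```

An address-based audit like this complements, but does not replace, confirming from outside the network that the management interface is unreachable from the Internet.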
