The Download
Palo Alto Networks confirmed that a new zero-day vulnerability affecting its firewalls is being exploited in targeted attacks. A CVE identifier has yet to be assigned, but Palo Alto Networks put out guidance on Nov 8th to immediately address the vulnerability. The flaw allows remote attackers to execute arbitrary code without authentication, compromising network integrity. The issue is linked to a vulnerability in the firewall's configuration handling that is accessible from the Internet. Once the flaw is exploited, attackers can gain unauthorized access to sensitive systems, potentially leading to data breaches or further exploitation within corporate networks. Palo Alto has issued an advisory urging immediate mitigations.
What You Can Do
IT administrators should immediately review Palo Alto's advisory and apply patches as soon as they become available. As a mitigation, Palo Alto Networks recommends allowing only trusted IPs to access the user management interface of its firewall. Ensure strict network segmentation, monitor for unusual firewall activity, and enhance logging for better visibility. Enforce least-privilege principles to limit exposure in case of compromise, and consider using intrusion detection systems to flag unauthorized access attempts.
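One way to check the trusted-IP mitigation above is to audit the source ranges permitted to reach the management interface against the admin networks you intend to trust. This is an added example, not code from Palo Alto Networks' advisory or from this newsletter; the network lists and the function name are constructed for illustration and do not reflect any PAN-OS export format.

```python
import ipaddress

# Constructed sample data (assumption): admin networks you intend to trust, and
# the source entries currently permitted to reach the management interface.
TRUSTED_NETS = ["10.20.0.0/24", "192.168.50.10/32"]
PERMITTED_SOURCES = [
    "10.20.0.0/24", "0.0.0.0/0", "203.0.113.0/24",
    "192.168.50.10", "10.20.0.0/16", "not-an-ip",
]


def audit_permitted_sources(permitted, trusted):
    """Return (entry, finding) pairs for entries that exceed the trusted set."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    if not permitted:
        # Assumption: an empty list means no source restriction is applied.
        return [("<empty>", "no source restriction configured")]
    findings = []
    for entry in permitted:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "unparseable entry, review manually"))
            continue
        # subnet_of() raises TypeError across IP versions, so compare per family.
        same_family = [t for t in trusted_nets if t.version == net.version]
        if net.prefixlen == 0:
            findings.append((entry, "allows any source"))
        elif any(net.subnet_of(t) for t in same_family):
            continue  # fully inside a trusted network
        elif any(t.subnet_of(net) for t in same_family):
            findings.append((entry, "broader than a trusted network"))
        else:
            findings.append((entry, "outside all trusted networks"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_permitted_sources(PERMITTED_SOURCES, TRUSTED_NETS):
        print(f"{entry:<18} {finding}")
```

Any entry the audit reports should be removed or narrowed until the list contains only the trusted admin networks.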
To discover your attack surface before your adversaries do, sign up for a demo of ThreatMate today.