Description | Two vulnerabilities, CVE-2024-0012 and CVE-2024-9474, have been disclosed in Palo Alto Networks’ PAN-OS software. Used together they let an attacker bypass authentication, escalate privileges, and achieve remote code execution on the firewall’s management plane. Active exploitation in the wild underscores the urgency for organizations to address this threat.
CVE-2024-0012: Authentication bypass (critical). An unauthenticated attacker with network access to the PAN-OS management web interface can gain PAN-OS administrator privileges.
CVE-2024-9474: Privilege escalation. A PAN-OS administrator with access to the management web interface can perform actions on the firewall with root privileges.
These vulnerabilities can be chained together, resulting in unauthenticated, full administrative (root) control of affected devices. |
Scope |
Both issues affect physical and virtual (VM-Series) PAN-OS deployments; Cloud NGFW and Prisma Access are not affected, per the vendor advisory. Organizations that expose the PAN-OS management web interface to the internet are at the highest risk, since both issues are reached through that interface. To date, Lacework has not observed successful exploitation of these vulnerabilities in the cloud environments we monitor.
|
Solution |
1. Patch Immediately: upgrade every firewall to the fixed PAN-OS release for its release train as listed in the vendor advisories. A device whose management interface was reachable from the internet before patching should be treated as potentially compromised and reviewed, not just upgraded.
2. Restrict Access to Management Interfaces: permit management access only from trusted internal addresses (for example a dedicated management network or jump host) and never expose the management web interface directly to the internet. This is the single most effective mitigation while patches are rolled out.
3. Enable Multi-Factor Authentication (MFA) for all PAN-OS administrator accounts.
4. Monitor Continuously: review administrator logins, configuration changes, newly created administrator accounts, and outbound connections originating from the management interface.
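Step 1 is harder to verify at scale than it sounds, because PAN-OS version strings carry a hotfix suffix (11.1.5-h1 is newer than 11.1.5) and the fixed release differs per train. The following added example, which is not code from the original page or from Palo Alto Networks, parses the sw-version field from a constructed `show system info` excerpt and compares it against a per-train table of minimum fixed releases. The values in FIXED_RELEASES are the vendor-published fixed releases as the author of this example recalls them and are an assumption: confirm them against the current advisory before relying on this check. The hostname and IP in the sample output are likewise made up.

```python
import re
from typing import Tuple

# ASSUMPTION: minimum fixed PAN-OS release per release train for the
# CVE-2024-0012 / CVE-2024-9474 chain, as recalled from the vendor advisory.
# Verify against the current Palo Alto Networks advisory before use.
FIXED_RELEASES = {
    (10, 2): "10.2.12-h2",
    (11, 0): "11.0.6-h1",
    (11, 1): "11.1.5-h1",
    (11, 2): "11.2.4-h1",
}

# CONSTRUCTED excerpt of `show system info` output; hostname and IP are fake.
SHOW_SYSTEM_INFO = """\
hostname: fw-edge-01
ip-address: 10.0.5.1
model: PA-VM
sw-version: 11.1.4-h7
"""

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Turn '11.1.4-h7' into (11, 1, 4, 7).

    A missing hotfix counts as 0, so plain 11.1.5 sorts below 11.1.5-h1,
    which is the right answer when the fix shipped as a hotfix build.
    """
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {v!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def version_from_show_system_info(text: str) -> str:
    """Pull the sw-version value out of `show system info` output."""
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "sw-version":
            return value.strip()
    raise ValueError("no sw-version line found")


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed', or 'unknown-train'.

    'unknown-train' means the major.minor train is not in FIXED_RELEASES;
    treat it as 'check the advisory', not as safe.
    """
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return "unknown-train"
    return "fixed" if parsed >= parse_version(fixed) else "vulnerable"


if __name__ == "__main__":
    running = version_from_show_system_info(SHOW_SYSTEM_INFO)
    print(f"{running}: {assess(running)}")
    for v in ("11.1.5", "11.1.5-h1", "10.2.13", "10.1.14-h6"):
        print(f"{v}: {assess(v)}")
```

Feed it the output of `show system info` from each device (or the equivalent field from your inventory) and anything reported as vulnerable or unknown-train goes on the patch and review list. Note that a plain maintenance release such as 11.1.5 is still reported as vulnerable, because the fix for that train is the h1 hotfix.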
|
Indicators of Compromise (IoCs) |
- Unusual administrative actions on the firewall, such as logins from unexpected source addresses, privilege escalations, creation of new administrator accounts, or configuration changes outside a change window.
- Outbound connections from the PAN-OS management interface to destinations that are not known update, licensing, or logging services.
- Presence of unauthorized files or scripts, including web shells, on affected systems. |
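The first two indicators can be checked mechanically against exported firewall logs. The following added example, which is not part of the original page and not a Lacework or Palo Alto Networks tool, runs three simple rules over a handful of constructed log lines: administrator activity from a source outside the management allowlist, configuration changes that create or elevate a superuser, and outbound connections from the management IP to a destination that is not on the egress allowlist. The `kind|time|src|admin|detail` layout, the networks, the admin names and every log line are assumptions for illustration; the real PAN-OS SYSTEM, CONFIG and TRAFFIC log field order is different, so map your exported logs into these fields first.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# ---- Environment assumptions (hypothetical; adjust to your network) ----
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]    # where admins may log in from
MGMT_IP = ipaddress.ip_address("10.0.5.1")                # firewall management IP
ALLOWED_EGRESS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed vendor update service
KNOWN_ADMINS = {"admin", "netops"}                        # accounts that should exist

# CONSTRUCTED sample lines in a simplified "kind|time|src|admin|detail" layout.
# This is NOT the real PAN-OS log field order.
SAMPLE_LOGS = [
    "SYSTEM|2024-11-18T02:11:05Z|10.0.5.21|admin|auth succeeded for user admin",
    "CONFIG|2024-11-18T02:12:40Z|10.0.5.21|admin|commit: edit security policy rule",
    "SYSTEM|2024-11-18T03:02:17Z|198.51.100.77|admin|auth succeeded for user admin",
    "CONFIG|2024-11-18T03:03:01Z|198.51.100.77|admin|set mgt-config users svc_backup permissions role superuser",
    "TRAFFIC|2024-11-18T03:04:11Z|10.0.5.1|-|outbound to 203.0.113.9:443",
    "TRAFFIC|2024-11-18T03:05:00Z|10.0.5.1|-|outbound to 192.0.2.10:443",
    "SYSTEM|2024-11-18T03:07:30Z|10.0.5.22|svc_backup|auth succeeded for user svc_backup",
]

OUTBOUND_RE = re.compile(r"outbound to (\S+):(\d+)")


@dataclass
class Finding:
    severity: str
    indicator: str
    line: str


def _in_any(ip, nets) -> bool:
    return any(ip in n for n in nets)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the three IoC rules and return one Finding per rule hit."""
    findings: List[Finding] = []
    for line in lines:
        kind, _ts, src, admin, detail = line.split("|", 4)
        src_ip = ipaddress.ip_address(src)

        # Rule 1: any admin login or config activity from outside the allowlist.
        if kind in ("SYSTEM", "CONFIG") and not _in_any(src_ip, MGMT_ALLOWLIST):
            findings.append(Finding("high", "admin activity from non-allowlisted source", line))

        # Rule 2: a config change that creates or elevates a superuser account.
        if kind == "CONFIG" and "users" in detail and "superuser" in detail:
            findings.append(Finding("high", "new or elevated superuser admin", line))

        # Rule 2b: successful login by an account that should not exist.
        if kind == "SYSTEM" and "auth succeeded" in detail and admin not in KNOWN_ADMINS:
            findings.append(Finding("medium", "login by unknown admin account", line))

        # Rule 3: management-plane egress to a destination not on the allowlist.
        if kind == "TRAFFIC" and src_ip == MGMT_IP:
            m = OUTBOUND_RE.search(detail)
            if m and not _in_any(ipaddress.ip_address(m.group(1)), ALLOWED_EGRESS):
                findings.append(Finding("high", "management interface egress to unexpected destination", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f"[{f.severity}] {f.indicator}: {f.line}")
```

On the constructed input the rules fire on the login and config change from 198.51.100.77, the superuser grant, the egress to 203.0.113.9, and the later login by the newly created svc_backup account, which together read like the chain described above: bypass, privilege escalation, persistence, then callback. The allowlists are the part that needs care; an overly broad egress allowlist silently hides the third indicator.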
Additional Resources |
How Lacework FortiCNAPP can help
Enhanced Detection Capabilities
- Cloud Environment Monitoring: Lacework FortiCNAPP offers agentless scanning to identify vulnerabilities and misconfigurations across cloud workloads and containers, providing a comprehensive view of your cloud environment's security posture.
- Lateral Movement Detection: Lacework FortiCNAPP identifies unusual network activity or access patterns that may indicate an attacker attempting to move laterally within your cloud environment.
Visualize and Prioritize Risks
- Exposure Polygraph: map potential attack paths to highlight high-risk, publicly exposed assets.
- Runtime Context Analysis: correlate vulnerability data with real-time activity for better prioritization.
Respond Quickly
- Anomaly Detection: Receive alerts for privilege escalations, unexpected administrative actions, and network anomalies.
FAQs
Q: How does Lacework help detect active exploitation of these vulnerabilities?
Lacework’s anomaly detection identifies unusual behaviors and IoCs associated with exploitation, such as unauthorized administrative actions and suspicious outbound traffic.
Q: Are virtualized PAN-OS instances vulnerable?
Yes, both physical and virtual instances are affected. Ensure patches are applied across all deployments.
Q: Can Lacework assist in post-exploitation analysis?
Yes, Lacework’s runtime monitoring and Exposure Polygraph help analyze compromised systems and understand the attack paths used by adversaries.
Act Now
Address these vulnerabilities immediately by patching affected PAN-OS systems and leveraging Lacework FortiCNAPP to proactively monitor and secure your environment. #FortiCNAPP