Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass

Publish Date : 31-12-2024
Author : fnCyber

Multiple critical vulnerabilities have been discovered in Palo Alto PAN-OS, the software that runs all Palo Alto Networks next-generation firewalls. The most severe of these vulnerabilities could allow for authentication bypass, potentially granting an attacker administrator privileges. Successful exploitation could enable an attacker to install programs, view, change, or delete data, and perform other unauthorized actions.

Affected Devices:

1. PAN-OS 11.2 < 11.2.4-h1
2. PAN-OS 11.1 < 11.1.5-h1
3. PAN-OS 11.0 < 11.0.6-h1
4. PAN-OS 10.2 < 10.2.12-h2
5. PAN-OS 10.1 < 10.1.14-h6
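
The list above can be applied to a firewall inventory with a short script. The following is an added example, not part of the fnCyber advisory or any Palo Alto Networks tooling. It assumes versions are written as `major.minor.maintenance[-hN]` and that a release without a `-h` suffix sorts below any hotfix of the same maintenance release. Hostnames and inventory versions are constructed.

```python
import re

# Fixed release per branch, copied from the "Affected Devices" list above.
FIXED = {
    "11.2": "11.2.4-h1",
    "11.1": "11.1.5-h1",
    "11.0": "11.0.6-h1",
    "10.2": "10.2.12-h2",
    "10.1": "10.1.14-h6",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Return (branch, (maintenance, hotfix)) for strings like '10.2.12-h2'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    # Assumption: no -hN suffix means hotfix level 0.
    return f"{major}.{minor}", (int(maint), int(hotfix or 0))

def is_affected(version):
    """True/False for branches in the list, None for branches it does not cover."""
    branch, release = parse_version(version)
    if branch not in FIXED:
        return None
    _, fixed_release = parse_version(FIXED[branch])
    # Integer tuple comparison, so -h10 correctly sorts above -h2.
    return release < fixed_release

def triage(inventory):
    """Map hostname -> 'affected' | 'fixed' | 'not listed' | 'unparsed'."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            result[host] = "unparsed"  # flag for manual review, do not guess
    return result

# Constructed sample inventory; replace with an export from your own asset data.
SAMPLE = {"fw-edge-01": "11.2.4", "fw-edge-02": "11.2.4-h1", "fw-dc-01": "10.2.12-h10",
          "fw-dc-02": "10.1.14-h4", "fw-lab-01": "9.1.16", "fw-lab-02": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```

Devices reported as "not listed" or "unparsed" are outside what this list covers and need a manual check against the vendor's own advisory.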


Vulnerabilities:

1. Authentication Bypass (CVE-2024-0012): An unauthenticated attacker with network access to the management web interface can gain PAN-OS administrator privileges, allowing them to perform administrative actions, tamper with configurations, or exploit other vulnerabilities.
2. Privilege Escalation (CVE-2024-9474): A PAN-OS administrator with access to the management web interface can perform actions on the firewall with root privileges.

 

Recommendations:

1. Apply Updates: Immediately apply the latest security updates provided by Palo Alto Networks after appropriate testing.
2. Implement Vulnerability Management: Establish and maintain a documented vulnerability management process, including regular scans and a risk-based remediation strategy.
3. Network Segmentation: Isolate critical systems and resources using physical and logical segmentation. Use a DMZ for internet-facing services.
4. Principle of Least Privilege: Run all software with minimal necessary privileges to limit the impact of potential breaches.
5. Enable Anti-Exploitation Features: Utilize built-in protection mechanisms such as Data Execution Prevention (DEP) where possible.
 

Attached detailed PDF

fnCyber Advisory 1120.pdf