Malicious hackers may have infiltrated thousands of organizations by exploiting two new zero-day vulnerabilities found in widely used software developed by cybersecurity giant Palo Alto Networks.
Palo Alto Networks security researchers announced Wednesday that they have observed “limited exploitation activity” related to two vulnerabilities in PAN-OS, the operating system that runs on all Palo Alto next-generation firewalls. These bugs are considered zero-days because the company didn't have time to release a patch before the bugs were exploited.
The company said it has confirmed exploitation of both bugs. The first, CVE-2024-0012, allows an attacker with network access to the administrative web interface to gain administrator privileges; the second, tracked as CVE-2024-9474, allows an attacker to perform actions on a compromised firewall with higher, root-level privileges.
Used in combination, these vulnerabilities could allow an attacker to remotely plant malicious code on an affected firewall with the highest possible privileges, potentially granting deeper access to a company's network.
Palo Alto Networks said attackers are currently targeting a “limited number of device management web interfaces” exposed to the internet, using a single exploit that chains the two flaws together.
Hackers have already breached more than 2,000 affected Palo Alto Networks firewalls using the two recently patched flaws, according to the Shadowserver Foundation, a nonprofit organization that scans and monitors the internet for exploitation of vulnerabilities. The nonprofit found that the United States had the highest number of compromised devices, followed by India, with hackers also exploiting firewalls in the United Kingdom, Australia, and China.
Palo Alto Networks declined to say how many firewalls were compromised in response to questions from TechCrunch.
U.S. cybersecurity company Arctic Wolf said this week that its researchers had observed intrusions beginning Nov. 19, after a proof-of-concept exploit was published, in which hackers exploited the two vulnerabilities in Palo Alto's firewalls to gain access to customer networks.
“After a successful exploit, we observed the attacker attempting to transfer the tool into the environment and extract configuration files from the compromised device,” Andres Ramos, a threat intelligence researcher at Arctic Wolf, said in a blog post.
Palo Alto Networks has released patches for the two vulnerabilities and urged organizations to apply them as soon as possible. The U.S. cybersecurity agency CISA also added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, effectively ordering civilian federal agencies to patch their systems within three weeks.
Researchers at security firm watchTowr Labs, who reverse engineered the Palo Alto patch, say the flaw stems from a basic mistake in the development process.
These are the latest vulnerabilities discovered in recent months in corporate security appliances such as firewalls, VPN products, and remote access tools, which sit at the edge of corporate networks and act as digital gatekeepers. This is the second major security alert for Palo Alto Networks this year, along with flaws found in similar products developed by cybersecurity vendors Ivanti and Check Point.