Palo Alto Networks

Pierluigi Paganini November 22, 2024
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management […]

Pierluigi Paganini November 19, 2024
U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the above vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]

Pierluigi Paganini November 16, 2024
Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3) in PAN-OS. The cybersecurity company had no […]

Pierluigi Paganini November 08, 2024
Palo Alto Networks warns of potential RCE in PAN-OS management interface

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on […]

Pierluigi Paganini July 12, 2024
Palo Alto Networks fixed a critical bug in the Expedition tool

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin […]

Pierluigi Paganini April 17, 2024
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls. CVE-2024-3400 (CVSS score of 10.0) is a […]

Pierluigi Paganini April 15, 2024
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024. CVE-2024-3400 (CVSS score of 10.0) is a critical command […]

Pierluigi Paganini April 11, 2024
Palo Alto Networks fixed multiple DoS bugs in its firewalls

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing […]

Pierluigi Paganini August 11, 2022
Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS

Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]

Pierluigi Paganini April 07, 2022
CVE-2022-0778 OpenSSL flaw affects multiple Palo Alto devices

Palo Alto Networks plans to fix CVE-2022-0778 OpenSSL flaw in some of its firewall, VPN, and XDR, products during April 2022. In Mid March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero […]