Palo Alto Networks has confirmed the active exploitation of a critical remote code execution vulnerability (CVE-2024-0012) in the PAN-OS management interface. This vulnerability allows an unauthenticated attacker with network access to the management interface to bypass authentication, obtain administrator privileges, and perform administrative actions. The issue primarily affects devices that do not follow best practice guidelines for securing management access.
Palo Alto Networks has been alerted to a possible remote code execution vulnerability in the PAN-OS management interface, though details of the vulnerability are currently unclear. While actively monitoring for signs of exploitation, the company advises customers to secure management interface access by restricting it to trusted internal IPs, per its best practice guidelines. Prisma Access and cloud NGFW are believed to be unaffected, and Cortex Xpanse and Cortex XSIAM users can check for internet-exposed instances based on alerts. As of November 17, 2024, exploitation has been detected.
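The advice to restrict management interface access to trusted internal IPs can be checked against a list of permitted source addresses. The Python below is an added example, not Palo Alto Networks code. The function name, the RFC 1918 definition of "internal", the /16 breadth threshold, the handling of an empty list and the sample entries are all assumptions constructed for illustration.

```python
import ipaddress

# Assumption: "trusted internal" means RFC 1918 space. Replace these with the
# management subnets your organisation actually trusts.
INTERNAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
# Assumption: an entry wider than /16 is too broad to count as "restricted".
MIN_PREFIX = 16


def audit_allowlist(entries):
    """Return (entry, finding) pairs for entries that break the guideline."""
    if not entries:
        # Assumption: no permitted-source entries means no source restriction.
        return [("<empty>", "no source restriction configured")]
    findings = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "not a valid IP address or CIDR"))
            continue
        # Explicit subnet test: is_private would also accept loopback,
        # link-local and documentation ranges.
        internal = any(
            net.version == r.version and net.subnet_of(r)
            for r in INTERNAL_RANGES
        )
        if not internal:
            findings.append((entry, "outside trusted internal ranges"))
        elif net.prefixlen < MIN_PREFIX:
            findings.append((entry, "internal but broader than /16"))
    return findings


# Constructed sample allowlist, not taken from any real device.
SAMPLE = ["10.20.30.0/24", "192.168.1.10", "0.0.0.0/0",
          "203.0.113.7", "10.0.0.0/8", "mgmt-vlan"]

if __name__ == "__main__":
    for entry, finding in audit_allowlist(SAMPLE):
        print(f"{entry}: {finding}")
```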