Has there been any active exploitation of these vulnerabilities?

No active exploitation has been detected as of the advisory's publication date, though the company is actively monitoring for exploitation attempts.

What are the recommended security measures for protecting the PAN-OS management interface?

The recommended measures include: 1) Block internet access to the PAN-OS management interface, 2) Allow connections only from trusted internal IP addresses, 3) Isolate the management interface on a dedicated management VLAN, 4) Implement jump servers for management access, 5) Limit inbound IP addresses to approved management devices, 6) Permit only secured communication (SSH, HTTPS), and 7) Restrict PING to testing connectivity only.

What types of connections should be permitted to the management interface?

Only secured communication protocols should be permitted, specifically SSH and HTTPS. PING should be restricted to testing connectivity only.

How should the management interface be isolated?

The management interface should be isolated on a dedicated management VLAN and access should be limited to approved management devices through jump servers.

Advisory

Palo Alto Networks warns of claimed critical flaw in PAN-OS management interface

Q: What is the security concern with Palo Alto Networks' PAN-OS?

Palo Alto Networks has issued an advisory about a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls. Additionally, two separate vulnerabilities (CVE-2024-5910 and CVE-2024-9464) can be chained together to enable command injection.

published: Nov. 9, 2024

Take action: If by some weird accident, your PAN-OS Management Interface is exposed to the internet, lock it down immediately. Even if you think it's locked down - check again. Because it may become a very serious vector of attack, and the preventative measures are simple - make it accessible only from trusted networks, use encrypted channels (SSH, TLS) and don't even respond to pings.

Learn More

Palo Alto Networks has issued an advisory regarding a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls.

While specific details about this potential vulnerability are currently unknown, the company is actively monitoring for exploitation attempts. No active exploitation has been detected as of the advisory's publication date.

Separately to this report, unrelated flaws tracked as CVE-2024-5910 and CVE-2024-9464 enable command injection vulnerability chained together in another Palo Alto product.

Recommended Mitigation Measures for PAN-OS Management Interface:

Block internet access to the PAN-OS management interface
Allow connections only from trusted internal IP addresses
Isolate the management interface on a dedicated management VLAN
Implement jump servers for management access
Limit inbound IP addresses to approved management devices
Permit only secured communication (SSH, HTTPS)
Restrict PING to testing connectivity only

Palo Alto Networks warns of claimed critical flaw in PAN-OS management interface

Read More
HPE Aruba Networking fixes multiple critical flaws in …
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Citrix reports critical NetScaler flaw exposing sensitive information …
CISA Confirms Active Exploitation of Three Cisco Networking …
Cisco reports products vulnerable to "blastRadius" RADIUS protocol …