Tag Archives: PANOS

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability


About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability. PAN-OS is the operating system used in all Palo Alto Networks NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then “invoke certain PHP scripts”, compromising the integrity and confidentiality of PAN-OS. 😏

🔹 The vendor bulletin was released on February 12. On the same day, Assetnote posted a write-up on the vulnerability. The next day, a PoC exploit appeared on GitHub.

🔹 On February 18, GreyNoise reported that they had detected active exploitation attempts. According to Palo Alto, the vulnerability is being exploited alongside EoP CVE-2024-9474 and Authenticated File Read CVE-2025-0111 vulnerabilities. As a result, the attacker gains the ability to execute Linux commands on the device as root. 😱

Install updates and restrict access to administrative web interfaces! 😉

In Russian

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:29 Spoofing – Windows NTLM (CVE-2024-43451)
🔻 01:16 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
🔻 02:16 Spoofing – Microsoft Exchange (CVE-2024-49040)
🔻 03:03 Elevation of Privilege – needrestart (CVE-2024-48990)
🔻 04:11 Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575)
🔻 05:19 Authentication Bypass – PAN-OS (CVE-2024-0012)
🔻 06:32 Elevation of Privilege – PAN-OS (CVE-2024-9474)
🔻 07:42 Path Traversal – Zyxel firewall (CVE-2024-11667)
🔻 08:37 Is it possible to Manage Vulnerabilities with no budget?
🔻 09:53 Should a VM specialist specify a patch to install on the host in a Vulnerability Remediation task?
🔻 10:51 Full digest of trending vulnerabilities
🔻 11:18 Backstage

In Russian

About Denial of Service – PAN-OS (CVE-2024-3393) vulnerability


About Denial of Service – PAN-OS (CVE-2024-3393) vulnerability. PAN-OS is the operating system that runs all Palo Alto Networks NGFWs. The vendor’s advisory was released on December 27. An unauthenticated attacker can send a malicious packet through the data plane of the firewall, causing it to reboot. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. For exploitation, the logging option of the “DNS Security” feature must be enabled.

👾 Palo Alto has already detected attacks that exploit this vulnerability. There are no public exploits yet.

👀 CyberOK detects more than 500 PAN-OS installations in RuNet, of which 32 are potentially vulnerable. Additionally, 218 hosts are running PAN-OS version 11.0.x, which the vendor has not supported since November 17.

🔧 To fix the vulnerability, you need to update your device or, as a workaround, disable the logging option of the “DNS Security” feature.

In Russian

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability


About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in a script.

The need for authentication and admin access could limit this vulnerability’s impact, but it chains with the previously described Authentication Bypass – PAN-OS (CVE-2024-0012). 😏 Exploitation of this vulnerability chain was noted by Palo Alto on November 17. After November 19, when the watchTowr Labs article was published and exploits appeared, mass attacks began.

On November 21, Shadowserver reported that ~2000 hosts were compromised, mostly in the US and India. According to Wiz, attackers deployed web shells, Sliver implants and cryptominers.

In Russian

About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability


About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability. An unauthenticated attacker with network access to the Palo Alto device web management interface could gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated vulnerabilities. Firewalls of the PA, VM, CN series and the Panorama management platform are vulnerable. The vendor recommends restricting access to the management web interface to trusted internal IP addresses only.
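The recurring mitigation on this page (“restrict access to administrative web interfaces”, and here the vendor’s “trusted internal IP addresses only”) is easy to state and easy to get wrong in a long allowlist. The script below is an added example, not PAN-OS code or a Palo Alto Networks API: it assumes the management-interface allowlist has been exported from the device configuration as a plain list of CIDR strings (the export format, the function names and the `/16` breadth threshold are assumptions) and reports entries that are not RFC 1918 / ULA ranges, that are too broad, that match every address, or that do not parse.

```python
"""Audit a management-interface IP allowlist against the "trusted internal
addresses only" guidance. Added example, not PAN-OS code: the allowlist is
assumed to have been exported from the device configuration as a list of
CIDR strings; the export format and the function names are assumptions.
Standard library only (Python 3.7+)."""
import ipaddress
from typing import Dict, List

# Ranges treated as "internal": RFC 1918 IPv4 plus IPv6 unique local addresses.
INTERNAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]

# An allowlist entry wider than this prefix length is reported as too broad
# (assumed threshold; tune to the size of the real management network).
MIN_PREFIX_LEN = 16


def is_internal(net) -> bool:
    """True if the network lies entirely inside one of INTERNAL_RANGES."""
    return any(net.version == rng.version and net.subnet_of(rng) for rng in INTERNAL_RANGES)


def audit_permitted_ips(entries: List[str]) -> List[Dict[str, str]]:
    """Return one finding per problem; an empty list means the allowlist is acceptable."""
    findings: List[Dict[str, str]] = []
    if not entries:
        # No allowlist at all: the interface answers to any source address.
        findings.append({"entry": "<none>", "issue": "empty allowlist: interface reachable from any address"})
        return findings
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append({"entry": raw, "issue": "unparseable entry"})
            continue
        if net.prefixlen == 0:
            findings.append({"entry": raw, "issue": "matches every address"})
            continue
        if not is_internal(net):
            findings.append({"entry": raw, "issue": "not an internal (RFC 1918 / ULA) range"})
        if net.prefixlen < MIN_PREFIX_LEN:
            findings.append({"entry": raw, "issue": f"too broad (/{net.prefixlen})"})
    return findings


def is_compliant(entries: List[str]) -> bool:
    """True when the audit produces no findings."""
    return not audit_permitted_ips(entries)


if __name__ == "__main__":
    # Constructed sample allowlist; 203.0.113.0/24 is a documentation range.
    sample = ["192.168.10.0/24", "10.0.0.0/8", "203.0.113.0/24", "0.0.0.0/0", "not-an-ip"]
    for f in audit_permitted_ips(sample):
        print(f"{f['entry']:>16}  {f['issue']}")
```

Membership is tested with an explicit list of internal ranges rather than `ipaddress`’s `is_private`, because the latter also treats documentation and benchmarking ranges as private, which is not what “trusted internal” means for a management ACL. An empty allowlist is reported as a finding on purpose: on most platforms no allowlist means no restriction.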

🔻 On November 8, a Palo Alto bulletin was released
🔻 On November 15, signs of attacks were noticed, labeled as “Operation Lunar Peek”
🔻 On November 18, the vulnerability was added to the CISA KEV
🔻 On November 19, watchTowr Labs released a post with technical details (“supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication”) 😏 and exploits soon appeared on GitHub
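The watchTowr detail quoted above gives defenders a concrete signal: a client-supplied `X-PAN-AUTHCHECK` header with the value `off`. The script below is an added example, not code from watchTowr Labs or Palo Alto Networks. It assumes request heads (request line plus headers) are being collected by a reverse proxy or packet capture in front of the management interface; the sample requests, hostname and paths are constructed, and only the header name and the `off` value come from the post. Header matching is case-insensitive and a request with several copies of the header is still caught if any copy says `off`.

```python
"""Flag HTTP requests to the management interface that carry an
X-PAN-AUTHCHECK header. Added example, not code from watchTowr Labs or
Palo Alto Networks: it assumes request heads (request line plus headers)
are collected by a reverse proxy or packet capture in front of the
interface; the sample requests below are constructed. Only the header
name and the "off" value are taken from the post."""
from typing import Any, Dict, List, Optional

SUSPECT_HEADER = "x-pan-authcheck"

# Constructed sample traffic; hostname and paths are placeholders.
SAMPLE_REQUESTS = [
    "GET /index.php HTTP/1.1\r\nHost: fw-mgmt.example.internal\r\nUser-Agent: curl/8.0\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: fw-mgmt.example.internal\r\nX-PAN-AUTHCHECK: off\r\n\r\n",
    "POST /index.php HTTP/1.1\r\nHost: fw-mgmt.example.internal\r\nx-pan-authcheck: on\r\n\r\n",
    # Duplicate header: one benign value, one "off". Must still be caught.
    "GET /index.php HTTP/1.1\r\nHost: fw-mgmt.example.internal\r\nX-Pan-AuthCheck: on\r\nX-Pan-AuthCheck: Off\r\n\r\n",
]


def parse_request_head(raw: str) -> Optional[Dict[str, Any]]:
    """Parse request line and headers; header names are lower-cased and
    repeated headers keep every value. Returns None when malformed."""
    lines = raw.replace("\r\n", "\n").split("\n")
    request_line = lines[0].split() if lines else []
    if len(request_line) < 2:
        return None
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        if ":" not in line:
            continue  # tolerate junk lines rather than drop the request
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"method": request_line[0], "target": request_line[1], "headers": headers}


def classify_request(raw: str) -> str:
    """'bypass-attempt' if any X-PAN-AUTHCHECK value is "off" (case-insensitive),
    'suspicious-header' if the header is present with another value,
    'clean' if absent, 'malformed' if the request head cannot be parsed."""
    req = parse_request_head(raw)
    if req is None:
        return "malformed"
    values = req["headers"].get(SUSPECT_HEADER, [])
    if not values:
        return "clean"
    if any(v.lower() == "off" for v in values):
        return "bypass-attempt"
    return "suspicious-header"


def scan(requests: List[str]) -> List[Dict[str, str]]:
    """Return an alert record for every request that is not clean."""
    alerts: List[Dict[str, str]] = []
    for raw in requests:
        verdict = classify_request(raw)
        if verdict == "clean":
            continue
        req = parse_request_head(raw) or {"method": "?", "target": "?"}
        alerts.append({"verdict": verdict, "method": str(req["method"]), "target": str(req["target"])})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_REQUESTS):
        print(alert)
```

Any value of the header from an external client is reported, not just `off`: the header is an internal signal between the front-end and the application, so its presence in client traffic is itself worth an alert even when the value would not disable authentication. The check is meaningful only for traffic captured before the device’s own front-end strips or rewrites the header.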

In Russian