If your organization does not use Palo Alto Network firewalls, this threat bulletin does not apply to you.


TL;DR : Palo Alto Networks is warning its users to ensure that firewall management interfaces are not accessible from the internet due to on-going exploitation of a new vulnerability.  

 

The details: Palo Alto Networks was recently notified of exploitation against their firewalls in cases when the management interface was exposed to the internet. This vulnerability can result in an attacker placing a web-shell on the server, potentially allowing them to gain access to the network.

 

Why we are telling you: There is currently no patch available, but devices can be secured by ensuring they are not publicly accessible. 


Reference: https://security.paloaltonetworks.com/PAN-SA-2024-0015