Cyber Security News

Palo Alto Networks Warns Of Critical PAN-OS Remote Code Execution Vulnerability

Palo Alto Networks has issued an urgent warning about a potential critical remote code execution (RCE) vulnerability affecting the management interface of their PAN-OS next-generation firewalls.

The cybersecurity company has advised customers to take immediate protective measures while investigating the reported security flaw.

The vulnerability explicitly targets the PAN-OS management interface, though the company has stated that neither Prisma Access nor cloud NGFW solutions are believed to be affected.

While specific details about the vulnerability are still under investigation, Palo Alto Networks has confirmed they are actively monitoring for any signs of exploitation.

Managed Detection and Response Buyer’s Guide – Free Download (PDF)

The company has outlined several critical security measures for customers:

  • Block all Internet access to the PAN-OS management interface.
  • Allow connections only from trusted internal IP addresses.
  • Isolate the management interface on a dedicated management VLAN.
  • Implement jump servers for management access.
  • Restrict communication to secure protocols like SSH and HTTPS.

Palo Alto Networks reports no detected signs of active exploitation of this vulnerability.

However, this announcement comes amid ongoing concerns about firewall security, as the company recently addressed another critical vulnerability (CVE-2024-5910) that was being actively exploited in the wild.

Security operations teams are advised to continuously monitor logs and implement real-time incident alerts for suspicious activities.

The company emphasizes that customers following their recommended best practice deployment guidelines for management interface access are at significantly lower risk.

Palo Alto Networks continues investigating the vulnerability and has promised to provide updates as more information becomes available.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Share
Published by
Guru Baran
Tags: cyber securitycyber security newsPAN-OS Vulnerabilityremote code execution
5 months ago

Recent Posts

Hackers Exploiting Microsoft 365 OAuth Workflows to Target Organizations

A new campaign by Russian threat actors. These actors are exploiting legitimate Microsoft OAuth 2.0…

3 minutes ago

Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents

Security researchers at Fortinet's FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized…

56 minutes ago

Marks & Spencer Confirms a Cyberattack Hits Payments & Online Orders

British retail giant Marks & Spencer (M&S) has confirmed it is dealing with a significant…

1 hour ago

The Role of AI in Modernizing Cybersecurity Programs – Insights for Security Leaders

In the face of relentless cyber threats and an ever-expanding digital attack surface, security leaders…

3 hours ago

Hackers Attacking Organization With New Malware Mimic as Networking Software Updates

A sophisticated backdoor targeting various large Russian organizations across government, finance, and industrial sectors has…

3 hours ago

From Response to Resilience – Shifting the CISO Mindset in Times of Crisis

In an era where cyber threats evolve faster than defense mechanisms, Chief Information Security Officers…

3 hours ago