Palo Alto Networks has reported active exploitation of a critical unauthenticated remote command execution vulnerability (PAN-SA-2024-0015) targeting a limited number of firewall management interfaces exposed to the Internet. This vulnerability carries a CVSS score of 9.3 (Critical) when management interfaces are accessible externally.

The threat arises from improper configuration of the management interface, which can allow unauthorised actors to execute commands remotely. To address this, Palo Alto Networks has issued urgent guidance for organisations to secure their interfaces in line with best practice deployment guidelines.

Organisations are strongly advised to:

  1. Restrict access to the management interface to trusted internal IPs only. This step significantly reduces the risk of exploitation.
  2. Verify and enforce proper segmentation of the management interface, ideally on a dedicated VLAN, to further minimise exposure.

By limiting access to trusted IPs, the attack surface is reduced, and the CVSS score drops to 7.5 (High), as any potential exploit would require privileged access to those internal IPs.
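The check below is an added example, not Palo Alto Networks or Reliance Cyber code: it audits an inventory of management interfaces against the "trusted internal IPs only" guidance above. The inventory records, device names and field names are constructed for illustration, and treating RFC 1918 plus IPv6 ULA space as "internal" is an assumption to adjust for your own network.

```python
import ipaddress

# Ranges treated as "trusted internal" (assumption): RFC 1918 plus IPv6 ULA.
# ipaddress.is_private is not used because it also matches documentation,
# loopback and link-local ranges.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample inventory; device and field names are hypothetical.
# "permitted" lists the sources allowed to reach the management interface.
INVENTORY = [
    {"name": "fw-edge-01", "mgmt_ip": "203.0.113.10", "permitted": []},
    {"name": "fw-core-01", "mgmt_ip": "10.20.0.5", "permitted": ["10.20.0.0/24", "0.0.0.0/0"]},
    {"name": "fw-core-02", "mgmt_ip": "10.20.0.6", "permitted": ["10.20.0.0/24", "192.168.50.7"]},
    {"name": "fw-lab-01", "mgmt_ip": "172.16.4.2", "permitted": ["172.16.4.0/24", "198.51.100.0/24"]},
]

def is_internal(net):
    """True only if the whole network sits inside one trusted range."""
    return any(net.version == r.version and net.subnet_of(r) for r in TRUSTED)

def audit(device):
    """Return a list of findings for one management interface record."""
    findings = []
    if not is_internal(ipaddress.ip_network(device["mgmt_ip"])):
        findings.append("management address is not internal")
    if not device["permitted"]:
        # An empty allowlist is treated here as "reachable from any source".
        findings.append("no allowlist configured")
    for entry in device["permitted"]:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable allowlist entry: {entry}")
            continue
        if not is_internal(net):
            findings.append(f"allowlist entry outside internal ranges: {entry}")
    return findings

def audit_all(inventory):
    """Map each device name to its findings (empty list means compliant)."""
    return {d["name"]: audit(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
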

This vulnerability highlights the crucial need for secure configurations and routine assessments of network exposure to reduce the risk of cyber threats effectively.

What you should do

  1. Restrict management interface access: Configure access to trusted internal IPs only.
  2. Isolate the management interface: Use a dedicated VLAN for management traffic.
  3. Follow Palo Alto Networks’ best practices: How to Secure Management Access.

Reliance Cyber’s actions

For our XDR customers using Palo Alto Firewalls, we are actively monitoring threat indicators and will promptly notify customers if any suspicious activity or potential exploitation is detected.

Next steps

Strengthen your security posture with expert guidance. Ask us about services that can protect and support you:

Compromise Assessments: Our Compromise Assessment service is designed to help businesses identify risks like the Palo Alto Networks vulnerability PAN-SA-2024-0015.

Incident Response Services: Detect, contain, and recover from cyber threats quickly. Protect your systems with expert support.

Get in touch

If you would like to learn more or explore how our services can support your security needs, reach out to our team today.