Attackers are exploiting a zero-day bug in Palo Alto Networks firewalls to gain access to devices. A patch is not yet available, but organizations can protect themselves.
Palo Alto Networks is warning customers that its firewalls are susceptible to abuse because of a zero-day bug. The abuse is not theoretical: Palo Alto Networks discovered the bug because it is already being actively exploited. A patch is not currently available, which makes the situation dangerous: attackers can gain access to a firewall and, from there, the network with a relatively simple attack.
Shielding
Fortunately, users are not defenseless. To break into firewalls, attackers must have access to the management interface. Palo Alto therefore recommends that customers properly shield that interface immediately. When access is restricted to specific IPs in the local network, the firewalls are safeguarded. Access via the public Internet is definitely out of the question.
Customers can use the support portal to look for devices requiring action, according to The Register. Palo Alto will proactively indicate when it detects management interfaces accessible via the Internet.
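One way to review a list of permitted source addresses for a management interface against the advice above, as an added example that is not from the article or from Palo Alto Networks. The function names, the definition of "local" as RFC 1918 or IPv6 unique local space, and the /24 and /64 breadth thresholds are assumptions; the allowlist is constructed sample data.

```python
import ipaddress

# Assumption: "local network" means RFC 1918 space or IPv6 unique local addresses.
LOCAL_RANGES = [ipaddress.ip_network(r) for r in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumption: entries wider than these prefixes are not "specific IPs".
MIN_PREFIX = {4: 24, 6: 64}


def audit_entry(entry):
    """Classify one permitted-source entry for a management interface."""
    try:
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return "invalid"          # hostnames, typos: cannot be reviewed as written
    if net.prefixlen == 0:
        return "any-source"       # 0.0.0.0/0 or ::/0 admits every source address
    local = any(net.version == r.version and net.subnet_of(r) for r in LOCAL_RANGES)
    if not local:
        return "non-local"        # source lies outside the local network
    if net.prefixlen < MIN_PREFIX[net.version]:
        return "too-broad"        # local, but a whole site rather than specific hosts
    return "ok"


def audit(entries):
    """Return {entry: finding} for every entry that needs attention."""
    findings = {}
    for entry in entries:
        result = audit_entry(entry)
        if result != "ok":
            findings[entry] = result
    return findings


# Constructed sample allowlist, not taken from any real device.
SAMPLE_ALLOWLIST = [
    "10.20.30.5", "10.20.30.0/24", "192.168.0.0/16", "0.0.0.0/0",
    "203.0.113.10", "fd12:3456::/64", "mgmt-jumpbox", "::/0",
]

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE_ALLOWLIST).items():
        print(f"{entry:18} {finding}")
```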
The zero-day bug has not yet been assigned a CVE number. Palo Alto Networks has not shared any concrete information at this time about who exactly is behind the attacks, nor is it clear when a patch will be available.
Palo Alto is getting hit hard. Just last week, the U.S. CISA warned of two dangerous bugs in the company’s Expedition migration tool. Updates for those are already available.