Menu
Palo Alto Networks offers a variety of products to help secure networks, including firewalls, endpoint protection, and cloud security. The company are perhaps best known for their Cortex, Prisma and PA-Series of Next Generation Firewalls (NGFW). Palo Alto typically releases security advisories on a monthly basis. These advisories contain details of new vulnerabilities as well as instructions for obtaining product security updates. In this blog post – part of a series published every month on the second Thursday of the month – we summarise key details for all Palo Alto security advisories released in the last month, as well as highlight some of the most critical issues that organisations should address. The full list of advisories can be viewed in their original format via the Palo Alto Networks Security Advisories, published at: https://security.paloaltonetworks.com/.
Details started to emerge shortly after last month’s blog post of a bleeding-edge ‘0-Day’ vulnerability in PAN-OS Attackers were able to exploit a critical Remote Code Execution (RCE) vulnerability in the operating system/firmware used across Palo Alto Networks PAN firewall and VPN concentrator product lines before the vendor were even aware of it, or had a fix ready to deploy. Palo Alto initially issued only a series of cryptic warnings to “secure management interfaces” but with no additional details provided. After over a week of uncertainty, the company did finally release a swathe of fixes for various firmware version streams and assigned a CVE identifier (CVE-2024-9474), allowing companies with vulnerable products to protect their installations at last.
Following hot on the heels of CVE-2024-9474, CISA also reported on the active exploitation of a second vulnerability, CVE-2024-0012. Palo Alto Networks are investigating this activity under the title of ‘Operation Lunar Peek’. An authentication bypass flaw in the web management interface, it has been reported to be being exploited to drop malicious payloads on to firewalls.
The Palo Alto security advisories issued in the four-week period ending 11th December 2024 also include high-priority fixes for critical privilege escalation and authentication bypass vulnerabilities in products including the company’s flagship PAN-OS, GlobalProtect App and its ‘Prisma’ Chromium-Based Browser.
The list of ‘Critical’ severity vulnerabilities below are those that Palo Alto have rated as 9.0 or higher out of 10 under the “CVSS” (Common Vulnerability) scoring system – although this is at the discretion of Palo Alto. These vulnerabilities typically represent a critical risk to organisations – being both trivial for attackers to exploit, as well as having the potential to have significant impact (harm) if successfully exploited. Critical vulnerabilities are crucial to patch, and remediation is time sensitive – these types of vulnerabilities often feature in our “Known Exploited Vulnerabilities” (KEV) roundups as undergoing active exploitation if a threat group develops working exploit code and begins to actively target organisations. The vulnerabilities flagged as Critical severity in Palo Alto Networks products this month includes:
| Palo Alto Networks Product | Palo Alto Reference | CVE IDs | CVSS Score |
|---|---|---|---|
| PAN-OS – Privilege Escalation Vulnerability | n/a | CVE-2024-9474 | 9.8 |
| PAN-OS – Authentication Bypass Vulnerability | PAN-SA-2024-0015 | CVE-2024-0012 | 9.8 |
The list of ‘High’ severity vulnerabilities below are those that Palo Alto have rated between 7.0 and 8.9 out of 10 under the “CVSS” (Common Vulnerability) scoring system. High-severity vulnerabilities are still important to prioritise for remediation, but they are rated as a slightly lower risk than ‘critical’ vulnerabilities. This may be because they are either harder for attackers to exploit (such as requiring local rather than network access to exploit) or else considered to have a typically lower impact on systems and services if they were to be exploited. The vulnerabilities regarded as ‘High’ in Palo Alto products in the last four weeks include:
| Palo Alto Networks Product | Palo Alto Reference | CVE IDs | CVSS Score |
|---|---|---|---|
| GlobalProtect App – Improper Certificate Validation | GPC-19860, GPC-19861 | CVE-2024-5921 | 7.1 |
| Prisma Access Browser – Type Confusion Error | PAN-SA-2024-0017 | CVE-2024-11395 | 8.8 |
| Prisma Access Browser – Type Confusion Error | PAN-SA-2024-0017 | CVE-2024-12053 | 8.8 |
All our vulnerability entries above contain links to official remediation guidance from Palo Alto in the form of their published Security Advisories, as well as details of mitigations or workarounds that can be performed if immediate patching is not possible. Palo Alto networks release free software updates and customers within service contracts are entitled to regular software updates containing security fixes via update channels.
We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – both server systems and networking infrastructure, as well as end-user machines running desktop operating systems – in order to detect known vulnerabilities in your technical estate. Contact your account manager now to enquire about license options for our ‘internal scan hubs’ solution or, if not already a customer, take our platform for a test drive today at https://appcheck-ng.com/.
The upcoming dates for the next four monthly PALO ALTO roundups will be:
Add them to your calendar now!
Also keep an eye on our blog for coverage of other critical vulnerability updates including:
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)
