Palo Alto Tracking PAN-OS Authentication Bypass Exploitation Activity


Palo Alto Networks and Unit 42 are tracking a limited set of exploitation activities related to CVE-2024-0012 and are working with external researchers, partners, and customers to share information transparently and rapidly.

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.

CVE-2024-0012 is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Palo Alto Networks has actively monitored and worked with customers to identify and further minimise the very small number of PAN-OS devices with management web interfaces exposed to the Internet or other untrusted networks.

Palo Alto Networks has identified threat activity potentially exploiting this vulnerability against a limited number of management web interfaces. The "Current Scope of the Attack" section includes more information about the observed activity.

Palo Alto Networks is tracking the initial exploitation of this vulnerability under the name Operation Lunar Peek.

The risk is greatly reduced if customers secure access to the management web interface by restricting it to trusted internal IP addresses only, in line with Palo Alto Networks' recommended best practice deployment guidelines.

If not done already, Palo Alto Networks also strongly recommends that customers secure access to their management interface according to recommended best practice deployment guidelines. Specifically, customers should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the Internet. The vast majority of firewalls already follow Palo Alto Networks and industry best practices.
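The following triage sketch is an added example, not Palo Alto Networks tooling: it flags inventory entries that sit in one of the affected release trains listed above and whose management allowlist admits anything beyond internal address space. The inventory fields, the sample devices, the choice of RFC 1918 and IPv6 ULA ranges as "trusted internal", and the treatment of an empty allowlist as unrestricted are all assumptions.

```python
import ipaddress

# Release trains this page lists as affected by CVE-2024-0012.
AFFECTED_TRAINS = {"10.2", "11.0", "11.1", "11.2"}

# Assumption: "trusted internal" is modelled as RFC 1918 plus IPv6 ULA space.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def release_train(version):
    """Reduce a PAN-OS version string to major.minor, e.g. '11.1.4-h1' -> '11.1'."""
    return ".".join(version.split(".")[:2])

def untrusted_entries(permitted):
    """Return the allowlist entries that are not wholly inside TRUSTED."""
    if not permitted:  # assumption: no allowlist means any source may connect
        return ["<empty allowlist>"]
    bad = []
    for entry in permitted:
        net = ipaddress.ip_network(entry, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            bad.append(entry)
    return bad

def triage(devices):
    """Map device name -> finding, for devices in an affected release train.
    Fix status is not decided here; check it against the vendor advisory."""
    findings = {}
    for dev in devices:
        if release_train(dev["version"]) not in AFFECTED_TRAINS:
            continue  # outside the trains this page names for the CVE
        bad = untrusted_entries(dev["mgmt_permitted"])
        findings[dev["name"]] = "EXPOSED: " + ", ".join(bad) if bad else "restricted"
    return findings

# Constructed sample inventory (hypothetical names, versions and allowlists).
INVENTORY = [
    {"name": "fw-edge-01", "version": "11.1.4-h1",
     "mgmt_permitted": ["10.20.0.0/24", "0.0.0.0/0"]},
    {"name": "fw-core-02", "version": "10.2.9", "mgmt_permitted": ["192.168.50.0/24"]},
    {"name": "fw-lab-03", "version": "11.2.1", "mgmt_permitted": []},
    {"name": "fw-old-04", "version": "10.1.14", "mgmt_permitted": ["203.0.113.0/24"]},
]

if __name__ == "__main__":
    for name, finding in triage(INVENTORY).items():
        print(f"{name}: {finding}")
```

Devices reported as EXPOSED are the ones to restrict and check against the advisory first; a "restricted" result lowers exposure but does not indicate the fix is installed.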

Fixes for CVE-2024-0012 are available. Please refer to the Palo Alto Networks Security Advisory for additional details.

Refer to the Palo Alto Networks Security Advisory for up-to-date information about affected products and versions, as well as more guidance about remediating CVE-2024-0012.
