Global Hack Exploits Palo Alto Flaws: 2,000+ Devices Compromised
Hackers exploited two zero-day vulnerabilities in Palo Alto Networks’ software, compromising potentially thousands of organizations worldwide. The flaws, identified in the PAN-OS operating system that powers the company's next-generation firewalls, enabled attackers to gain administrative access and execute actions with elevated privileges. Together, these breaches allowed attackers to remotely deploy malicious code on targeted devices.
According to researchers, threat actors have actively utilized an exploit chain combining vulnerabilities CVE-2024-0012 and CVE-2024-9474 to attack a select number of internet-exposed management web interfaces. CVE-2024-0012 facilitates administrative privilege escalation, while CVE-2024-9474 permits root-level actions. Together, these vulnerabilities grant attackers full control over devices and access to corporate networks.
The Shadowserver Foundation reported that over 2,000 devices were compromised via these newly patched vulnerabilities, with the highest concentration of affected systems observed in the United States, India, the United Kingdom, Australia, and China.
Researchers at Arctic Wolf highlighted that hackers began exploiting these vulnerabilities on November 19, following the public release of a proof-of-concept exploit. During these attacks, the perpetrators deployed tools onto compromised systems and exfiltrated configuration files.
Palo Alto Networks has issued patches for both vulnerabilities and strongly urged organizations to apply the updates promptly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fixes within three weeks.
An analysis of the patches revealed that the vulnerabilities stemmed from development errors, underscoring the growing challenge of identifying security flaws in enterprise-grade devices such as firewalls, VPNs, and remote access tools. This marks the second major incident involving vulnerabilities in Palo Alto Networks products this year, mirroring similar issues faced by other vendors, including Ivanti and Check Point.