Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Submitted by Style Pass, 2024-11-21 15:30:03

It'll be no surprise that 2024, 2023, 2022, and every other year of humanity's existence has been tough for SSLVPN appliances.

Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN offering, and as ever, we’re here to locate them.

Yep! Command injection! Every attacker's favourite vulnerability class, allowing for simple and easy exploitation (once you know how).

As I'm sure you can imagine, analysing vulnerabilities under active exploitation is more than a requirement here at watchTowr, it's a passion, and a calling. We're no strangers to Palo Alto Networks (Palo Alto from here on, because typing) devices - longtime readers will remember when we raced to analyse CVE-2024-3400 earlier this year.

Over the last few weeks, we’ve been closely monitoring a new vulnerability, teased at various different phases. It started off as an ‘informational disclosure’, a whiff of a rumour of a critical vulnerability, the only public detail being that it was reachable from the device’s management interface.
