Palo Alto’s Patch Party: Finally Fixing Flaws While Hackers Have a Blast

Palo Alto Networks has patched two zero-day vulnerabilities in its Next-Generation Firewalls, including an authentication bypass flaw and a privilege escalation issue. While the company claims only a few devices are affected, researchers have identified thousands of exposed interfaces online. The U.S. cybersecurity agency urges immediate patching to mitigate these risks.

3P
Published: November 18, 2024 9:00 pmAdded: November 18, 2024 at 1:33 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Palo Alto Networks had a double feature at the zero-day cinema, with hackers already munching on popcorn while waiting for the security updates! Let’s hope these patches are blockbuster hits and not straight-to-DVD flops.

Key Points:

  • Palo Alto Networks released updates for two zero-day vulnerabilities in their Next-Generation Firewalls (NGFW).
  • CVE-2024-0012 allows attackers to bypass authentication and gain admin privileges.
  • CVE-2024-9474 enables privilege escalation, allowing admin actions with root privileges.
  • Despite claims of limited impact, over 11,000 vulnerable interfaces were found exposed online.
  • U.S. cybersecurity agency mandates patching by December 9, warning of significant risks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?