Palo Alto Vulnerability Scanner and Exploiter - 20250109002

Overview

Since publishing Advisory 20241119001, the WA SOC has been notified of a new threat targeting Palo Alto Networks firewall management interfaces. This threat involves a scanner and exploit tool that could potentially enable unauthorised installation of Meterpreter.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Palo Alto Networks PAN-OS	11.2 < 11.2.4-h1 11.1 < 11.1.5-h1 11.0 < 11.0.6-h1 10.2 < 10.2.12-h2	CVE-2024-0012	9.3	Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Paloalto: https://security.paloaltonetworks.com/CVE-2024-0012

Additional References

• TalkBack article: https://talkback.sh/resource/352cde21-0681-4aa2-80bf-70b6eaf2afe5/
• YouTube video "Exploiting and Detecting Palo Alto Networks CVE-2024-0012": https://www.youtube.com/watch?v=RgSGjn_Z1dg