Attackers are exploiting a zero-day flaw in Palo Alto Networks’ firewalls to gain access to devices. A patch is not yet available, but organizations can protect themselves.

Palo Alto Networks warns customers that firewalls are vulnerable to attacks due to a zero-day flaw. The abuse is not theoretical: Palo Alto Networks discovered the flaw because it is already being actively exploited. A patch is not yet available and that makes the situation dangerous: attackers can gain access to a firewall and from there to the network with a relatively simple attack.

Sign

Fortunately, users are not defenseless. To penetrate the firewalls, attackers must have access to the management interface. Palo Alto therefore recommends that customers properly shield this interface immediately. If access is restricted to specific IPs on the local network, the firewalls are protected. Access via the public Internet is generally not permitted.

Customers can use the support portal to search for devices that require action, The Register knows. Palo Alto proactively indicates when it detects Internet-accessible management interfaces.

The zero-day bug has not yet been assigned a CVE number. Palo Alto Networks has not yet shared any concrete information about who exactly is behind the attacks, nor is it clear when a patch will be available.

Palo Alto has it tough. Last week, US CISA warned of two dangerous flaws in the company’s Expedition migration tool. Updates are already available for this.