Around 9000 instances of exposed IP addresses detected.
A critical zero-day vulnerability in Palo Alto Networks' firewall management interface is officially under active exploitation.
The flaw could allow an unauthenticated attacker to remotely execute code, and requires no user interaction or privileges to exploit, according to The Register.
The company initially published an advisory about the issue on November 8th before updating it at the end of last week to confirm that it is now being exploited.
Thousands of installations of the product are potentially affected, researchers recommending users immediately ensure that access to the management interface is possible only from trusted internal IPs and not from the internet.
On Monday, Shadowserver Foundation
said it saw 8,726 IP addresses exposed to the vulnerability, down from around 11,000 a week ago.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
