Around 9000 instances of exposed IP addresses detected.
A critical zero-day vulnerability in Palo Alto Networks' firewall management interface is officially under active exploitation.
The flaw could allow an unauthenticated attacker to remotely execute code, and requires no user interaction or privileges to exploit, according to The Register.
The company initially published an advisory about the issue on November 8th before updating it at the end of last week to confirm that it is now being exploited.
Thousands of installations of the product are potentially affected, researchers recommending users immediately ensure that access to the management interface is possible only from trusted internal IPs and not from the internet.
On Monday, Shadowserver Foundation
said it saw 8,726 IP addresses exposed to the vulnerability, down from around 11,000 a week ago.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
