Untitled attachment

Notices where this attachment appears

1. Embed this notice
   The Shadowserver Foundation (shadowserver@infosec.exchange)'s status on Friday, 15-Nov-2024 21:29:41 JST The Shadowserver Foundation

   Palo Alto Networks published an advisory on 2024-11-08 warning of a claim of an RCE via the PAN-OS management interface. While no exploitation activity has yet been observed, we added fingerprinting for exposed PAN-OS mgmt interfaces in our Device ID report to warn recipients of potential attack surface exposure.

   We see around 11K IPs exposed (2024-11-10 scan).

   You can view exposure on our Dashboard selecting "IoT device statistics" in the top nav bar and setting vendor to "Palo Alto Networks" and model to "PAN-OS Management Interface"

   World map view: https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-11-10&vendor=palo+alto+networks&model=pan-os+management+interface&geo=all&data_set=count&scale=log

   PAN-OS mgmt exposure tracker:
   https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=palo+alto+networks&model=pan-os+management+interface&dataset=count&limit=1000&group_by=geo&style=stacked

   IP data is now shared daily in our Device ID report https://shadowserver.org/what-we-do/network-reporting/device-identification-report/

   Palo Alto Networks security alert advisory https://security.paloaltonetworks.com/PAN-SA-2024-0015

   Guidance on "How to Secure the Management Access of Your Palo Alto Networks Device" by Palo Alto Networks: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431

   PAN-OS Management Exposure by US state:
   https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-11-10&vendor=palo+alto+networks&model=pan-os+management+interface&geo=all&data_set=count&scale=log