Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/shadowserver/statuses/113486853330011878">The Shadowserver Foundation (shadowserver@infosec.exchange)'s status on Friday, 15-Nov-2024 21:29:41 JST</a><a href="https://infosec.exchange/@shadowserver" title="shadowserver@infosec.exchange"><img src="https://gnusocial.jp/avatar/233023-48-20240119110326.webp" width="48" height="48" alt="The Shadowserver Foundation" style="position: absolute; left: 0; top: 0;">The Shadowserver Foundation</a><div><a href="https://infosec.exchange/@shadowserver/113465055784705696" rel="in-reply-to">in reply to</a></div></section><article><p>Palo Alto Networks has now updated their advisory <a href="https://security.paloaltonetworks.com/PAN-SA-2024-0015" rel="nofollow noreferrer">https://security.paloaltonetworks.com/PAN-SA-2024-0015</a> saying they have "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet."</p><p>We see a drop in exposed PAN-OS Management Interfaces (down by around 2K from previously shared observations), currently at 8726 IPs </p><p>Get these Interfaces off public Internet access NOW!<br> <br>PAN-OS Management Interface tracker: <a href="https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&amp;vendor=palo+alto+networks&amp;model=pan-os+management+interface&amp;dataset=count&amp;limit=1000&amp;group_by=geo&amp;style=stacked" rel="nofollow noreferrer">https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&amp;vendor=palo+alto+networks&amp;model=pan-os+management+interface&amp;dataset=count&amp;limit=1000&amp;group_by=geo&amp;style=stacked</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4005022#notice-7825256">In conversation</a><time datetime="2024-11-15T21:29:41+09:00" title="Friday, 15-Nov-2024 21:29:41 JST">about 4 months ago</time> <span>from <span><a href="https://infosec.exchange/@shadowserver/113486853330011878" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@shadowserver/113486853330011878">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3493234">Untitled attachment</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/486/852/283/850/949/original/a3a43a4d298e3a4f.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/486/852/283/850/949/original/a3a43a4d298e3a4f.png</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: security.paloaltonetworks.com</div><h5><a href="https://security.paloaltonetworks.com/PAN-SA-2024-0015">PAN-SA-2024-0015 Critical Security Bulletin: Ensure Access to Management Interface is Secured</a></h5><div> from <span>PAN PSIRT</span></div></header><div>Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against  a limited number of firewall management interfaces which are exposed to th...</div><footer></footer></article></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&amp;vendor=palo+alto+networks&amp;model=pan-os+management+interface&amp;dataset=count&amp;limit=1000&amp;group_by=geo&amp;style=stacked">Time series · IoT device statistics · The Shadowserver Foundation</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
The Shadowserver Foundation (shadowserver@infosec.exchange)'s status on Friday, 15-Nov-2024 21:29:41 JST The Shadowserver Foundation
in reply to
Palo Alto Networks has now updated their advisory https://security.paloaltonetworks.com/PAN-SA-2024-0015 saying they have "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet."
We see a drop in exposed PAN-OS Management Interfaces (down by around 2K from previously shared observations), currently at 8726 IPs
Get these Interfaces off public Internet access NOW!

PAN-OS Management Interface tracker: https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=palo+alto+networks&model=pan-os+management+interface&dataset=count&limit=1000&group_by=geo&style=stacked
In conversationabout 4 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/486/852/283/850/949/original/a3a43a4d298e3a4f.png
2. Domain not in remote thumbnail source whitelist: security.paloaltonetworks.com
  PAN-SA-2024-0015 Critical Security Bulletin: Ensure Access to Management Interface is Secured
  from PAN PSIRT
  Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to th...
3. No result found on File_thumbnail lookup.
  Time series · IoT device statistics · The Shadowserver Foundation

Public

Embed Notice

HTML Code

Corresponding Notice