Firewall Bug Under Active Attack Triggers CISA Warning

Source: HackerLegend.com Threat Intelligence

Threat Overview

CISA is warning that a firewall bug in Palo Alto Networks PAN-OS is under active attack. Patch as soon as possible to prevent exploitation and potential security breaches.

A firewall bug in Palo Alto Networks' PAN-OS is under active attack. It affects multiple versions and requires immediate patching to prevent exploitation. The attack vector is unknown. The vulnerability class is related to the firewall's functionality.

Key Intelligence Points

1. The vulnerability affects multiple versions of Palo Alto Networks' PAN-OS, including PAN-OS 10.2.0 and earlier.
2. The vulnerability is under active exploitation, and patching is the only recommended mitigation. No workarounds or compensating controls are available.
3. The attack chain involves exploiting the vulnerability to gain unauthorized access to the firewall, potentially leading to lateral movement and data exfiltration.
4. Detection opportunities include monitoring for suspicious network traffic patterns and analyzing firewall logs for signs of unauthorized access.

MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application

Mitigation & Detection

Patching to the latest version of PAN-OS, specifically PAN-OS 11.2.0 or later, is the recommended mitigation. Users should also ensure that their firewalls are configured to receive and apply security updates.
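
To act on the two version thresholds given above, the following added example (not code from the source article or from Palo Alto Networks) triages a firewall inventory by PAN-OS version. It assumes version strings of the form major.minor.maintenance with an optional -hN hotfix suffix; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Thresholds as stated on this page (not taken from a vendor advisory).
AFFECTED_MAX = (10, 2, 0)      # "PAN-OS 10.2.0 and earlier"
RECOMMENDED_MIN = (11, 2, 0)   # "PAN-OS 11.2.0 or later"

# Assumed version format: major.minor.maintenance with optional -hN hotfix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix) or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def triage(version_text):
    """Classify one version string against the page's two thresholds."""
    try:
        version = parse_panos_version(version_text)
    except ValueError:
        return "unknown"            # check by hand, never assume patched
    release = version[:3]           # a hotfix does not change the release band
    if release <= AFFECTED_MAX:
        return "affected"
    if release >= RECOMMENDED_MIN:
        return "recommended"
    return "below_recommended"      # the page does not say if these are affected

def triage_inventory(rows):
    """Group (hostname, version) pairs by triage status."""
    groups = {}
    for hostname, version_text in rows:
        groups.setdefault(triage(version_text), []).append(hostname)
    return groups

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "10.2.0"),
    ("fw-edge-02", "9.1.16-h3"),
    ("fw-dc-01", "10.2.9-h1"),
    ("fw-dc-02", "11.2.3"),
    ("fw-lab-01", "11.1"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status:18} {', '.join(hosts)}")
```

Devices in the "below_recommended" and "unknown" groups fall outside what this page states, so confirm their status against the vendor advisory before deprioritising them.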