Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012

Nov. 19, 2024, 9:34 a.m.

Description

A critical authentication bypass vulnerability (CVE-2024-0012) in Palo Alto Networks PAN-OS software allows unauthenticated attackers to gain administrator privileges on affected devices. The issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2, but not Cloud NGFW or Prisma Access. Limited exploitation attempts have been observed, primarily from anonymous VPN services. Post-exploitation activities include command execution and webshell deployment. Palo Alto Networks is actively monitoring the situation, dubbed Operation Lunar Peek, and has released patches. Customers are urged to update their systems and restrict management interface access to trusted internal IP addresses to mitigate the risk.

Date

Published: Nov. 18, 2024, 7:19 p.m.

Created: Nov. 18, 2024, 7:19 p.m.

Modified: Nov. 19, 2024, 9:34 a.m.

Attack Patterns

T1505.003

T1571

T1082

T1105

T1190

T1133

T1078

T1068