Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
Nov. 19, 2024, 9:34 a.m.
Description
A critical authentication bypass vulnerability (CVE-2024-0012) in Palo Alto Networks PAN-OS software allows unauthenticated attackers to gain administrator privileges on affected devices. The issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2, but not Cloud NGFW or Prisma Access. Limited exploitation attempts have been observed, primarily from anonymous VPN services. Post-exploitation activities include command execution and webshell deployment. Palo Alto Networks is actively monitoring the situation, dubbed Operation Lunar Peek, and has released patches. Customers are urged to update their systems and restrict management interface access to trusted internal IP addresses to mitigate the risk.
Date
Published: Nov. 18, 2024, 7:19 p.m.
Created: Nov. 18, 2024, 7:19 p.m.
Modified: Nov. 19, 2024, 9:34 a.m.
Attack Patterns
T1505.003
T1571
T1082
T1105
T1190
T1133
T1078
T1068