Palo Alto Networks Firewalls Compromised: Over 2,000 Devices Hacked via Recently Patched Vulnerabilities

Nov 25, 2024

In a significant cybersecurity incident, over 2,000 Palo Alto Networks firewalls have been compromised by attackers exploiting two recently patched zero-day vulnerabilities.

Palo Alto Networks Firewalls Compromised Summary

Incident Overview

The breaches involve two critical vulnerabilities:

  1. CVE-2024-0012: An authentication bypass in the PAN-OS management web interface, allowing remote attackers to gain administrator privileges without authentication.

  2. CVE-2024-9474: A privilege escalation flaw enabling attackers to execute commands on the firewall with root privileges.

Palo Alto Networks initially alerted customers on November 8, 2024, advising them to restrict access to their next-generation firewalls due to a potential remote code execution (RCE) vulnerability, later identified as CVE-2024-0012.

Scope and Impact

The company is investigating ongoing attacks that chain these two vulnerabilities to target a limited number of device management web interfaces. Threat actors have been observed dropping malware and executing commands on compromised firewalls, indicating the likely availability of a functional exploit chain.

Despite the company's assessment that only a "very small number" of PAN-OS devices are impacted, threat monitoring platform Shadowserver reported tracking over 2,700 vulnerable PAN-OS devices. Approximately 2,000 of these have been hacked since the start of the ongoing campaign.

Official Response

Palo Alto Networks has released security updates addressing these vulnerabilities and strongly advises customers to secure their firewalls' management interfaces by restricting access to trusted internal IP addresses. The company emphasizes that securing access to the management interface is the best recommended action at this time.

Implications for the Cybersecurity Community

This incident underscores the critical importance of promptly applying security patches and adhering to best practices for securing management interfaces. Organizations using Palo Alto Networks firewalls are urged to review their security configurations and ensure that all recommended updates and mitigations are implemented to protect against potential exploitation.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

Sep 18, 2025

North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack
North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack
North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack
North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack

North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack

North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack

North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack

North Korean Hackers Exploit ChatGPT to Forge Military IDs in Phishing Attack

Sep 17, 2025

China’s Great Firewall Leak Exposes Global Surveillance Technology Exports
China’s Great Firewall Leak Exposes Global Surveillance Technology Exports
China’s Great Firewall Leak Exposes Global Surveillance Technology Exports
China’s Great Firewall Leak Exposes Global Surveillance Technology Exports

China’s Great Firewall Leak Exposes Global Surveillance Technology Exports

China’s Great Firewall Leak Exposes Global Surveillance Technology Exports

China’s Great Firewall Leak Exposes Global Surveillance Technology Exports

China’s Great Firewall Leak Exposes Global Surveillance Technology Exports

Sep 16, 2025

HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025
HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025
HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025
HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025

HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025

HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025

HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025

HackerOne Data Breach via Salesforce-Drift Integration: Technical Breakdown 2025

Sep 11, 2025

CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks
CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks
CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks
CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks

CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks

CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks

CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks

CISA Flags WhatsApp Zero-Day Vulnerability Exploited in Zero-Click Spyware Attacks

Sep 4, 2025

Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales
Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales
Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales
Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales

Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales

Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales

Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales

Jaguar Land Rover Cyberattack 2025: IT Shutdown Halts Production and Sales

Sep 3, 2025

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.