Palo Alto Networks patches two firewall zero-days used in attacks Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction. The second one (CVE-2024-9474) is a PAN-OS privilege escalation security flaw that allows malicious PAN-OS administrators to perform actions on the firewall with root privileges. While CVE-2024-9474 was disclosed today, the company first warned customers on November 8 to restrict access to their next-generation firewalls because of a potential RCE flaw tagged last Friday as CVE-2024-0012. See more Bleeping Computer: https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/ Security Week: https://www.securityweek.com/palo-alto-networks-releases-iocs-for-new-firewall-zero-day/