“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet,” Palo Alto Networks said in another advisory update, adding, “We do not have sufficient information about any indicators of compromise to share at this time.”
If a compromise is feared, customers are advised to monitor for suspicious activity such as unrecognised configuration changes or users.
As additional workarounds, all Expedition and firewall usernames, passwords, and API keys must be rotated, Expedition software should be shut down when not in active use, and network access to Expedition must be restricted to authorised users, hosts, or networks, the company added.