Cybersecurity giant Palo Alto Networks says it is investigating claims of a remote code execution vulnerability via the management interface of its PAN-OS product.
The company said it is “actively monitoring for signs of any exploitation.”
In the meantime, users are strongly advised to take steps to protect their systems from potential exploitation by ensuring that access to the management interface is configured correctly in accordance with recommended best practices.
“In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice,” PAN noted in its security advisory.
Speaking of network security, Taiwanese networking hardware and telecoms equipment vendor D-Link has warned that it won’t address a critical command injection vulnerability (CVE-2024-10914) affecting its DNS-320, DNS-320LW, DNS-325, and DNS-340L NAS models, as they have reached End-of-Life and are no longer supported. A public exploit exists for this vulnerability, and users are advised to retire and replace legacy D-Link devices.