A severe security flaw in Palo Alto Networks firewalls has left more than 2,000 devices compromised globally, according to findings by the Shadowserver Project. While the German-speaking region has only reported a few dozen affected devices, two countries—namely the United States and India—have been hit particularly hard. Exploits for the vulnerability are now publicly available.

The issue stems from two interconnected flaws in the firewalls’ web GUI and web server configuration. Although the manufacturer has released patches to address the vulnerabilities, Palo Alto Networks maintains that the existence of public exploits is plausible but unproven—a claim that has drawn skepticism, given the circumstances.

Countries Most Affected
As of November 20, the United States reported over 550 compromised devices, followed by India with 460. In contrast, Germany has been relatively unscathed, with just 15 affected devices. Switzerland recorded eight compromised units, while Austria reported none, according to Shadowserver’s scans.

Many administrators acted swiftly on November 21, taking affected devices offline or applying patches. As a result, the number of compromised devices was halved within 24 hours. However, questions linger: How long did criminal and state-sponsored actors have knowledge of these vulnerabilities before they were disclosed?

Palo Alto’s Response Under Scrutiny
Palo Alto’s cybersecurity team, Unit 42, released an updated assessment on November 20, acknowledging with “medium to high confidence” the existence of a functional exploit. However, this statement raised eyebrows, as a blog post from WatchTowr Labs the previous day had already shared a near-complete proof-of-concept exploit.

Adding to the controversy, Palo Alto has not addressed earlier reports that malware targeting these firewalls had been up for sale three weeks prior. Furthermore, warnings from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about active attacks have not prompted clearer communication from Unit 42.

Patches Released, But Uncertainty Remains
Although the vulnerabilities identified as CVE-2024-0012 and CVE-2024-9474 have been patched, doubts remain about whether previously compromised devices are entirely secure post-update. The incident highlights the critical need for timely action and transparency in addressing cybersecurity threats, especially when attackers may have had extended access to undisclosed vulnerabilities.

This situation serves as a stark reminder of the persistent risks posed by delayed patching and incomplete security disclosures, leaving many to wonder what other vulnerabilities might already be in the hands of malicious actors.