Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges.
It recommended applying the updates and restricting the access to the management web interface to only trusted internal IP addresses, according to the vendor’s best practice deployment guidelines.