Palo Alto vulnerabilities exploited despite low scores

Attackers successfully gained root access to over 13,000 Palo Alto Networks devices by chaining two vulnerabilities, CVE-2024-0012 and CVE-2024-9474. Despite individual CVSS scores suggesting manageable risk, their combined exploitation bypassed security measures, highlighting a critical flaw in traditional vulnerability scoring systems. This incident underscores the growing challenge of managing escalating vulnerability disclosures, projected to reach over 70,000 annually, exacerbated by AI-driven discovery. The situation necessitates a shift towards more dynamic risk assessment, including chain-dependency audits and faster patching SLAs, to counter sophisticated, AI-accelerated threats.