Penetration testing against “Local Attacker “


Sorry in advance for my poor English.

i have read a lot of stuff in regards to’Penetration Testing’and thinking about
changing my position into data security department inside the company.
My company is focused on L2 products such as ethernet switches and network management tools for private network which includes web applications.

i found several P1 vulnerabilities in these web application but couldn’t really understand the ‘ Added value’ of fixing them ( since only local attacker who is connected to the internal network can exploit).

so buttom line here is my question , is ‘Penetration Testing’ for web application of internal network is important/valueable ? i’m asking myself if there is a good reason to fix them or not :/

Please Advise,