Ethical Hacking News

Palo Alto Networks Addresses Critical Flaws in PAN-OS Firewalls, Warns of Potential Full Compromise



Palo Alto Networks has recently addressed multiple critical flaws in its PAN-OS firewalls that allow for full compromise of the devices. These vulnerabilities, discovered by researchers from Horizon3, pose a significant risk to organizations relying on these firewalls. Organizations must take immediate action to address these flaws and ensure the security of their networks.

  • Palo Alto Networks has addressed multiple critical flaws in its PAN-OS firewalls that allow for full compromise of the devices.
  • The vulnerabilities reside in the Expedition solution, a migration tool that helps organizations move configurations to Palo Alto's PAN-OS.
  • Four vulnerabilities were discovered: CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466.
  • The flaws include command injection, SQL injection, and reflected XSS vulnerabilities.
  • Palo Alto Networks recommended restricting network access to Expedition and checking for potential compromise by running a MySQL command on the system.


    Palo Alto Networks has recently addressed multiple critical flaws in its PAN-OS firewalls that allow for full compromise of the devices. The security firm warned that attackers could chain these vulnerabilities to hijack the devices, posing a significant risk to organizations relying on these firewalls.

    The vulnerabilities reside in Palo Alto Networks' Expedition solution, which is a migration tool designed to help organizations move configurations from other firewall platforms (such as Check Point, Cisco, and others) to Palo Alto's PAN-OS. According to an advisory issued by the company, multiple vulnerabilities in the Expedition solution allow an attacker to read Expedition database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the Expedition system.

    The flaws addressed by Palo Alto Networks include:

    * CVE-2024-9463 (CVSS 9.9) - A command injection vulnerability in PAN-OS allows unauthenticated attackers to execute OS commands as root, exposing usernames, passwords, configurations, and API keys of PAN-OS firewalls.
    * CVE-2024-9464 (CVSS 9.3) - An authenticated OS command injection vulnerability allows attackers to gain root access, leading to data exposure similar to CVE-2024-9463.
    * CVE-2024-9465 (CVSS 9.2) - An SQL injection vulnerability in PAN-OS Expedition allows unauthenticated attackers to access database contents, including password hashes and device configurations, and create or read files on the system.
    * CVE-2024-9466 (CVSS 8.2) - A vulnerability in PAN-OS Expedition allows authenticated attackers to access sensitive information, revealing firewall usernames, passwords, and API keys stored in cleartext.
    * CVE-2024-9467 (CVSS 7.0) - A reflected XSS vulnerability allows malicious JavaScript to execute in an authenticated user's browser, leading to phishing attacks and potential session theft.

    The vulnerabilities impact Expedition versions prior to 1.2.96. Researchers from Horizon3 discovered the flaws while investigating CVE-2024-5910, a vulnerability disclosed in July. The researchers shared proof-of-concept exploit code that chains the CVE-2024-5910 admin reset flaw with CVE-2024-9464 for unauthenticated command execution on Expedition servers.

    Palo Alto Networks recommended restricting network access to Expedition to authorized users and hosts. For CVE-2024-9465, check for potential compromise by running the command `mysql -uroot -p -D pandb -e "SELECT * FROM cronjobs;"` on an Expedition system. If records are returned, it indicates potential compromise; however, a lack of records does not confirm safety.
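
A triage helper for the two checks described above (fixed version 1.2.96 and the `cronjobs` query), added here as an example and not taken from the vendor advisory or the original article. The function names and verdict strings are hypothetical, the sample rows are constructed, and the installed version is assumed to be supplied by the operator.

```shell
#!/usr/bin/env bash
# Added example, not vendor tooling: function names and verdict strings are hypothetical.

FIXED_VERSION="1.2.96"   # per the article: versions prior to 1.2.96 are affected

# Constructed sample of `mysql -N -B` output; the column layout is illustrative only.
SAMPLE_ROWS="$(printf '1\texample-job\t2024-10-09\n2\texample-job-2\t2024-10-09\n')"

# Return 0 when version $1 is older than the fixed release (affected).
is_affected_version() {
    local v="$1"
    [ "$v" = "$FIXED_VERSION" ] && return 1
    # sort -V orders version strings; if $v sorts first it is the older one.
    [ "$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n1)" = "$v" ]
}

# Count non-empty rows in tab-separated query output passed as $1.
count_cronjob_rows() {
    printf '%s\n' "$1" | awk 'NF { n++ } END { print n + 0 }'
}

# Combine both signals into a single verdict line.
triage() {
    local version="$1" rows
    rows="$(count_cronjob_rows "$2")"
    if [ "$rows" -gt 0 ]; then
        echo "POTENTIAL_COMPROMISE rows=$rows"   # investigate even if already patched
    elif is_affected_version "$version"; then
        echo "VULNERABLE_NO_INDICATOR"           # empty table does not confirm safety
    else
        echo "PATCHED_NO_INDICATOR"              # still not proof of a clean system
    fi
}

# Live use on an Expedition host: runs the article's query in batch mode
# (-N drops the header row, -B gives tab-separated output).
run_live() {
    local out
    out="$(mysql -uroot -p -D pandb -N -B -e 'SELECT * FROM cronjobs;')" || return 2
    triage "$1" "$out"
}

if [ "${1:-}" = "--live" ]; then
    run_live "${2:?installed Expedition version required}"
fi
```

Run it as `script --live <installed-version>` on the Expedition system; without `--live` it only defines the functions.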

    It is worth noting that Palo Alto Networks is not aware of any attacks in the wild exploiting these vulnerabilities. However, organizations relying on PAN-OS firewalls must take immediate action to address these flaws and ensure the security of their networks.

    In conclusion, the critical flaws discovered in Palo Alto Networks' PAN-OS firewalls highlight the importance of regular vulnerability testing and patch management for organizations. The consequences of failing to address these vulnerabilities could be severe, including data breaches, financial losses, and reputational damage.



  • Published: Thu Oct 10 03:03:37 2024 by llama3.2 3B Q4_K_M