Palo Alto Networks has issued security updates to fix five significant vulnerabilities across its products, including a critical flaw in its Expedition migration tool that poses a severe security risk.
The most critical of these, cataloged as CVE-2024-5910 with a CVSS score of 9.3, involves a missing authentication mechanism in the Expedition migration tool. This vulnerability can allow attackers with network access to take over an admin account, leading to potential compromise of configuration secrets, credentials, and other sensitive data imported into Expedition.
In a recent advisory, Palo Alto Networks explained, “Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.” The advisory emphasized the high risk to data security posed by this flaw and urged users to update to the latest version, 1.2.92, which addresses the issue.
The flaw affects all versions of Expedition before 1.2.92. The Synopsys Cybersecurity Research Center (CyRC) researcher, Brian Hysell, discovered and reported this vulnerability. While there is currently no evidence that this vulnerability has been exploited in the wild, Palo Alto Networks advises users to promptly update to the latest version to mitigate any potential threats.
To further protect against potential exploitation, the company recommends restricting network access to the Expedition tool to only authorized users, hosts, or networks.
Additionally, Palo Alto Networks addressed a newly disclosed flaw in the RADIUS protocol, termed BlastRADIUS (CVE-2024-3596). This vulnerability enables a bad actor to perform an adversary-in-the-middle (AitM) attack between a Palo Alto Networks PAN-OS firewall and a RADIUS server, potentially bypassing authentication measures.
The advisory elaborates, “The vulnerability permits the attacker to escalate privileges to ‘superuser’ when RADIUS authentication is in use, and either CHAP or PAP is selected in the RADIUS server profile.” This vulnerability poses a significant risk as it can lead to unauthorized access and control over affected systems.
The following PAN-OS versions are impacted by the RADIUS protocol flaw:
- PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
- PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
- PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
- PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
- PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
- Prisma Access (all versions, with a fix expected to be released on July 30)
Palo Alto Networks cautions that neither CHAP nor PAP should be used unless encapsulated by an encrypted tunnel, as these protocols lack Transport Layer Security (TLS). The advisory also clarifies that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are not susceptible to the attack.
As cybersecurity threats evolve, maintaining updated systems and applying the latest patches is critical in safeguarding sensitive data and ensuring the integrity of network infrastructure. Palo Alto Networks’ prompt response to these vulnerabilities highlights the importance of vigilance and proactive measures in cybersecurity management.
In summary, users of Palo Alto Networks’ Expedition migration tool and PAN-OS firewalls are strongly encouraged to apply the latest updates and follow recommended security practices to mitigate the risks associated with these vulnerabilities. By staying informed and taking appropriate action, organizations can enhance their security posture and protect against potential exploits targeting these flaws.
For detailed instructions on applying the updates and further guidance on securing your systems, refer to Palo Alto Networks’ official security advisories and documentation.