Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.
Tracked as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
"Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition," the company said in an advisory. "Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."
The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem. Synopsys Cybersecurity Research Center's (CyRC) Brian Hysell has been credited with discovering and reporting the issue.
While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.
As workarounds, Palo Alto Networks is recommending that network access to Expedition be restricted to authorized users, hosts, or networks.
Also fixed by the American cybersecurity firm is a newly disclosed flaw in the RADIUS protocol called BlastRADIUS (CVE-2024-3596) that could allow a bad actor with the ability to perform an adversary-in-the-middle (AitM) attack between a Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication.
The vulnerability then allows the attacker to "escalate privileges to 'superuser' when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile," it said.
The following products are affected by the shortcomings:
- PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
- PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
- PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
- PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
- PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
- Prisma Access (all versions, fix expected to be released on July 30)
It also noted that neither CHAP nor PAP should be used unless they are encapsulated in an encrypted tunnel, since those authentication protocols do not offer Transport Layer Security (TLS). They are not vulnerable in cases where they are used in conjunction with a TLS tunnel.
However, it is worth noting that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are also not susceptible to the attack.
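As an added example (not from the advisory or from Palo Alto Networks), the following Python triage helper encodes the PAN-OS fixed-version table and the CHAP/PAP condition above, so a defender can check an inventory of firewalls and RADIUS server profiles for exposure to CVE-2024-3596. The `eap_ttls` flag and the function names are assumptions made for this example, and hotfix suffixes are compared as in `11.0.4-h4`.

```python
import re

# First fixed PAN-OS version per release train, taken from the affected-products list above.
FIXED_VERSIONS = {
    "11.1": "11.1.3",
    "11.0": "11.0.4-h4",
    "10.2": "10.2.10",
    "10.1": "10.1.14",
    "9.1": "9.1.19",
}

# RADIUS server profile protocols the advisory names as exposed when not tunnelled.
EXPOSED_PROTOCOLS = {"CHAP", "PAP"}

# Matches "major.minor.patch" with an optional "-hN" hotfix suffix (constructed pattern).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version):
    """Turn '11.0.4-h4' into (11, 0, 4, 4); a version without a hotfix gets hotfix 0,
    so plain 11.0.4 sorts below 11.0.4-h4 as the advisory intends."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def version_is_vulnerable(version):
    """True when the version is below the first fixed version of its release train.
    Trains not in the table raise rather than being silently treated as safe."""
    major, minor, _patch, _hotfix = parse_version(version)
    train = f"{major}.{minor}"
    if train not in FIXED_VERSIONS:
        raise ValueError(f"release train {train} is not covered by this table")
    return parse_version(version) < parse_version(FIXED_VERSIONS[train])


def profile_is_exposed(version, auth_protocol, eap_ttls=False):
    """Flag a RADIUS server profile for CVE-2024-3596: an unpatched PAN-OS version
    with CHAP or PAP selected and no EAP-TTLS encapsulation (assumed flag)."""
    proto = auth_protocol.strip().upper()
    if proto not in EXPOSED_PROTOCOLS or eap_ttls:
        return False
    return version_is_vulnerable(version)
```

A profile on a patched version, or one using a protocol other than CHAP/PAP, is reported as not exposed; an unknown release train raises so it is reviewed by hand.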