Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue.
Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.
Palo Alto Networks Expedition is a tool designed to help users transition to and optimize Palo Alto Networks’ next-generation firewalls. It assists with the migration of configurations from other firewall vendors and legacy Palo Alto Networks devices to newer models. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency.
“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.” reads the advisory. “Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”
The vulnerability affects Expedition versions before 1.2.92. The researcher Brian Hysell reported the flaw to the security vendor.
The company is not aware of any attacks in the wild or public exploits targeting this issue.
The company recommends restricting network access to Expedition to authorized users, hosts, or networks.
Palo Alto also addressed a File Upload Vulnerability, tracked as CVE-2024-5911 (CVSS score: 7.0), in the Panorama Web Interface of PAN-OS.
“An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama.” reads the advisory. “Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.”
The remaining issues addressed by the security vendor are:
6.8 | CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks | Cortex XDR Agent 8.4Cortex XDR Agent 8.3-CECortex XDR Agent 8.3Cortex XDR Agent 8.2Cortex XDR Agent 7.9-CE | NoneNoneNone< 8.2.2< 7.9.102-CE | AllAllAll>= 8.2.2>= 7.9.102-CE | 2024-07-10 | 2024-07-10 |
5.4 | CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS | Cloud NGFWPAN-OS 11.2PAN-OS 11.1PAN-OS 11.0PAN-OS 10.2PAN-OS 10.1Prisma Access | None< 11.2.1< 11.1.4< 11.0.5< 10.2.10< 10.1.14-h2None | All>= 11.2.1>= 11.1.4>= 11.0.5>= 10.2.10>= 10.1.14-h2All | 2024-07-10 | 2024-07-10 |
5.3 | CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation | Cloud NGFWPAN-OS 11.2PAN-OS 11.1PAN-OS 11.0PAN-OS 10.2PAN-OS 10.1PAN-OS 9.1Prisma Access | NoneNone< 11.1.3< 11.0.4-h4< 10.2.10< 10.1.14< 9.1.19All | AllAll>= 11.1.3>= 11.0.4-h4>= 10.2.10>= 10.1.14>= 9.1.19None (Fix ETA: July 30) | 2024-07-10 | 2024-07-10 |
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Palo Alto )