Thursday, October 17, 2024

Palo Alto Networks warns of firewall hijack bugs with public exploit



Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.

The issues were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from Checkpoint, Cisco, or other supported vendors.

They can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts.

“A number of vulnerabilities in Palo Alto Networks Expedition enable an attacker to read Expedition database contents and arbitrary information, as well as write arbitrary information to temporary storage locations on the Expedition system,” the company said in an advisory published on Wednesday.

“Combined, these include info such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.”

These bugs are a mix of command injection, reflected cross-site scripting (XSS), cleartext storage of sensitive information, missing authentication, and SQL injection vulnerabilities:

Proof-of-concept exploit available

Horizon3.ai vulnerability researcher Zach Hanley, who discovered and reported four of the bugs, has also published a root cause analysis write-up that details how he found three of these flaws while researching the CVE-2024-5910 vulnerability (disclosed and patched in July), which allows attackers to reset Expedition application admin credentials.

Hanley also released a proof-of-concept exploit that chains the CVE-2024-5910 admin reset flaw with the CVE-2024-9464 command injection vulnerability to gain “unauthenticated” arbitrary command execution on vulnerable Expedition servers.

Palo Alto Networks says that, for the moment, there is no evidence that the security flaws have been exploited in attacks.

“The fixes for all listed issues can be found in Expedition 1.2.96, and all later Expedition versions. The cleartext file affected by CVE-2024-9466 will probably be removed automatically during the upgrade,” Palo Alto Networks added today.

“All Expedition usernames, passwords, and API keys need to be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition need to be rotated after updating.”

Admins who cannot immediately deploy today's security updates should restrict Expedition network access to authorized users, hosts, or networks.

In April, the company started releasing hotfixes for a maximum-severity zero-day bug that had been actively exploited since March by a state-backed threat actor tracked as UTA0218 to backdoor PAN-OS firewalls.
