Palo Alto Networks Issues Urgent Warning Over Critical PAN-OS Vulnerability

Penka Hristovska, Senior Editor
Published on: November 11, 2024

Palo Alto Networks has issued an urgent advisory regarding a potential critical vulnerability that could allow remote code execution (RCE) through the management interface of its PAN-OS next-generation firewalls.

The cybersecurity firm says it’s investigating the reported vulnerability. At this time, the company notes that it hasn’t observed any signs of exploitation related to this potential vulnerability and that neither Prisma Access nor Cloud NGFW is affected by this issue.

“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface. At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation,” reads the advisory.

In the meantime, it’s urging all customers to implement immediate security measures. Palo Alto Networks recommends adhering to best practices for securing management access to its devices.

This includes isolating the management interface on a dedicated VLAN, using jump servers to access the management interface, restricting inbound IP addresses to approved management devices, and only allowing secure communication protocols like SSH and HTTPS. Additionally, customers should enable PING for testing connectivity.

“We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines,” the company explained in the advisory. “In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice.”
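The access rules described above can be checked mechanically. The following is an added example, not code from Palo Alto Networks or from the advisory: it audits a simplified, constructed description of a management-interface policy (permitted source addresses and enabled services) against a list of approved management networks. The policy format, the `audit_mgmt_access` function and the sample addresses are assumptions made for illustration and are not PAN-OS configuration syntax.

```python
import ipaddress

# Protocols the article names as acceptable on the management interface.
ALLOWED_SERVICES = {"ssh", "https", "ping"}


def audit_mgmt_access(permitted_sources, enabled_services, approved_nets):
    """Return a list of findings; an empty list means the policy passes."""
    approved = [ipaddress.ip_network(n) for n in approved_nets]
    findings = []
    if not permitted_sources:
        findings.append("no source restriction configured")
    for entry in permitted_sources:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry}: not a valid address or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every address, including the Internet")
        elif not any(net.version == a.version and net.subnet_of(a) for a in approved):
            findings.append(f"{entry}: outside the approved management networks")
    # Anything beyond SSH, HTTPS and ping (for example HTTP or Telnet) is flagged.
    for svc in sorted({s.lower() for s in enabled_services} - ALLOWED_SERVICES):
        findings.append(f"{svc}: not SSH, HTTPS or ping")
    return findings


# Constructed sample data (hypothetical jump-server subnet and policies).
APPROVED = ["10.20.30.0/28"]
HARDENED = {"sources": ["10.20.30.5", "10.20.30.6/32"],
            "services": ["ssh", "https", "ping"]}
EXPOSED = {"sources": ["0.0.0.0/0", "198.51.100.0/24", "10.20.30.5"],
           "services": ["https", "http", "telnet"]}

if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED), ("exposed", EXPOSED)):
        results = audit_mgmt_access(policy["sources"], policy["services"], APPROVED)
        print(name, "OK" if not results else "")
        for finding in results:
            print("  -", finding)
```
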

Palo Alto Networks has recently addressed another critical vulnerability, CVE-2024-5910, in its Expedition tool. This flaw involved missing authentication for a critical function, potentially allowing attackers with network access to take over an Expedition admin account. Expedition is a tool used for configuration migration, tuning, and enrichment.

The company has released Expedition version 1.2.92 to resolve this issue.
