
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.
Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
"Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition," the company said in an advisory. "Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."
The flaw affects all versions of Expedition prior to version 1.2.92, which remediates the issue. Synopsys Cybersecurity Research Center's (CyRC) Brian Hysell has been credited with discovering and reporting the issue.
While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.
As workarounds, Palo Alto Networks is recommending that network access to Expedition be restricted to authorized users, hosts, or networks.
Also fixed by the American cybersecurity company is a newly disclosed flaw in the RADIUS protocol called BlastRADIUS (CVE-2024-3596) that could allow a bad actor with the capability to perform an adversary-in-the-middle (AitM) attack between a Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication.

The vulnerability then allows the attacker to "escalate privileges to 'superuser' when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile," it said.
The following products are affected by the shortcomings:
- PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
- PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
- PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
- PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
- PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
- Prisma Access (all versions, fix expected to be released on July 30)
It also noted that neither CHAP nor PAP should be used unless they are encapsulated in an encrypted tunnel, as these authentication protocols do not offer Transport Layer Security (TLS). They are not vulnerable in cases where they are used in conjunction with a TLS tunnel.
However, it is worth noting that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are also not susceptible to the attack.
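To turn the PAN-OS fix table above into something a defender can run over a firewall inventory, here is an added example (not code from Palo Alto Networks or the original article) that parses PAN-OS version strings, including the "-hN" hotfix suffix, and reports which devices are still below the fixed version for their release train. The hostnames and versions in the sample inventory are constructed; Prisma Access is left out because the fix for it had not been released at the time of the article.

```python
"""Triage PAN-OS firewall versions against the CVE-2024-3596 (BlastRADIUS) fix table."""
import re

# Fixed versions per release train, taken from the advisory summary above.
FIXED_VERSIONS = {
    "11.1": "11.1.3",
    "11.0": "11.0.4-h4",
    "10.2": "10.2.10",
    "10.1": "10.1.14",
    "9.1": "9.1.19",
}

# PAN-OS versions look like "11.0.4" or "11.0.4-h4" (hotfix 4 on top of 11.0.4).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> tuple:
    """Turn '11.0.4-h4' into (11, 0, 4, 4); a release with no hotfix gets hotfix 0,
    so '11.0.4' sorts below '11.0.4-h4' and '11.1.2-h3' sorts below '11.1.3'."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_vulnerable(version: str):
    """True if below the fix for its train, False if at or above it, and None when the
    train is not in the table (unlisted train: check the vendor advisory by hand)."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """Map hostname -> status for (hostname, version) pairs, never aborting on bad input."""
    labels = {True: "vulnerable", False: "fixed", None: "train not listed"}
    result = {}
    for host, version in inventory:
        try:
            result[host] = labels[is_vulnerable(version)]
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    SAMPLE = [("fw-edge-01", "11.0.4"), ("fw-edge-02", "11.0.4-h4"),
              ("fw-dc-01", "10.2.9"), ("fw-lab", "12.0.0"), ("fw-old", "n/a")]
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```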