Palo Alto Networks, a global cybersecurity company, recently published an overview of several security issues affecting its products. These flaws can be exploited to give an attacker similar rights to those of regular users and therefore pose a real threat to your network security.
This blog post explains the vulnerabilities in question, their implications, and the remediation measures that are recommended.
Based on the published information, the most serious issue is a critical flaw in the Expedition migration tool, tracked as CVE-2024-5910.
Expedition, the tool used to migrate configurations to and from multiple security platforms, carries the biggest problem in the Palo Alto Networks advisories. The flaw is tracked as CVE-2024-5910 and has a CVSS severity rating of 9.3.
The root cause is missing authentication for a mission-critical function. An attacker with network access to Expedition could exploit this to take over the administrator account.
Potential Impact:
A successful exploit of CVE-2024-5910 would allow an attacker to:
Take over administrator accounts: Gaining admin privileges gives an attacker full control over configurations, a way to introduce malware, and reach into the entire network.
Disrupt operations: An attacker could alter the security policies an organization has deployed, rendering firewalls and other security controls ineffective.
Escalate privileges: Administrative access can serve as a foothold for compromising other systems on the network.
BlastRADIUS Vulnerability (CVE-2024-3596)
Another noteworthy threat fixed by Palo Alto Networks is BlastRADIUS, tracked as CVE-2024-3596. The flaw lies in RADIUS, an authentication protocol widely implemented on network devices. An attacker able to perform a Man-in-the-Middle (MitM) attack between a PAN-OS firewall and its RADIUS server could exploit it to bypass authentication entirely.
Potential Impact:
A successful exploit of CVE-2024-3596 would allow an attacker to:
Gain unauthorized access: With authentication bypassed, the attacker can move through the internal network and may steal information.
Launch further attacks: Once inside the network, an attacker can move laterally and attack other systems.
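The RADIUS flaw described above is a MitM problem between the firewall (the RADIUS client) and the RADIUS server. The standard defensive measure, from general RADIUS knowledge rather than from this post, is for the client to demand that every response carry a valid Message-Authenticator attribute (RFC 2869, HMAC-MD5 keyed with the shared secret), so that a forged or altered response is rejected. The code below is an added, self-contained example, not Palo Alto Networks code: it builds a RADIUS Access-Accept with a Message-Authenticator, then applies a client-side policy that rejects responses that lack the attribute or carry a wrong value. The shared secret and request authenticator are constructed demo values.

```python
import hashlib
import hmac
import struct

# RADIUS codes and attribute types from RFC 2865 / RFC 2869
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20
MA_LEN = 16


def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs: type, total length, value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(packet):
    """Walk the TLV attribute list that follows the 20-byte header."""
    attrs, pos = [], HEADER_LEN
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        t, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((t, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def compute_ma(code, identifier, request_auth, attrs, secret):
    """Message-Authenticator per RFC 2869 5.14: HMAC-MD5 keyed with the shared secret over
    Code, Identifier, Length, the Request Authenticator and all attributes, with the
    Message-Authenticator value itself set to sixteen zero octets."""
    zeroed = [(t, b"\x00" * MA_LEN if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    body = encode_attrs(zeroed)
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(body))
    return hmac.new(secret, header + request_auth + body, hashlib.md5).digest()


def build_response(code, identifier, request_auth, attrs, secret):
    """Build a response carrying a Message-Authenticator plus the usual Response
    Authenticator (MD5 over the packet and the secret, RFC 2865 section 3)."""
    attrs = [a for a in attrs if a[0] != ATTR_MESSAGE_AUTHENTICATOR]
    attrs.append((ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * MA_LEN))
    ma = compute_ma(code, identifier, request_auth, attrs, secret)
    attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR, ma)
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(body))
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def verify_response(packet, request_auth, secret):
    """Client-side policy: accept a response only if it carries exactly one
    Message-Authenticator whose HMAC verifies. Returns (ok, reason)."""
    if len(packet) < HEADER_LEN:
        return False, "short packet"
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False, "length mismatch"
    try:
        attrs = parse_attrs(packet)
    except ValueError as exc:
        return False, str(exc)
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0]) != MA_LEN:
        return False, "missing Message-Authenticator"
    expected = compute_ma(code, identifier, request_auth, attrs, secret)
    if not hmac.compare_digest(expected, mas[0]):
        return False, "bad Message-Authenticator"
    # Response Authenticator: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected_resp = hashlib.md5(packet[:4] + request_auth + packet[HEADER_LEN:] + secret).digest()
    if not hmac.compare_digest(expected_resp, packet[4:HEADER_LEN]):
        return False, "bad Response Authenticator"
    return True, "ok"


# Constructed demo values: not a real shared secret or a real request authenticator.
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))


def demo():
    """Return the verdicts for a genuine response, one without a Message-Authenticator,
    and one whose Message-Authenticator was altered in transit."""
    good = build_response(ACCESS_ACCEPT, 7, REQ_AUTH, [(ATTR_USER_NAME, b"alice")], SECRET)
    body = encode_attrs([(ATTR_USER_NAME, b"alice")])
    header = struct.pack("!BBH", ACCESS_ACCEPT, 7, HEADER_LEN + len(body))
    unsigned = header + hashlib.md5(header + REQ_AUTH + body + SECRET).digest() + body
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])  # flip one bit of the MA value
    return (verify_response(good, REQ_AUTH, SECRET)[0],
            verify_response(unsigned, REQ_AUTH, SECRET),
            verify_response(tampered, REQ_AUTH, SECRET)[0])


if __name__ == "__main__":
    print(demo())
```

The point of the policy is the second case: a response that relies only on the Response Authenticator is rejected outright, because that field alone is what a MitM attacker between the firewall and the RADIUS server can forge. Treat the accepted-response path as the only one that grants access.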
Additional Vulnerabilities Patched
Palo Alto Networks also addressed several other vulnerabilities across their product line, including:
High-severity file upload vulnerability (CVE-2024-5911) in Panorama software: This flaw could lead to a denial-of-service (DoS) condition that takes security management functionality out of service.
Medium-severity vulnerabilities in the Cortex XDR Agent (CVE-2024-5912) and PAN-OS (CVE-to-be-assigned): These weaknesses may allow code execution or file system manipulation, enabling an attacker to escalate privileges.
Taking Action: Patch Immediately
Palo Alto Networks has released updates that fix all of the vulnerabilities above. All users are strongly advised to update their affected Palo Alto Networks products to the latest release as soon as possible. Here’s what you should do:
Identify Affected Products: Visit the Palo Alto Networks Security Advisories page: https://security.paloaltonetworks.com/ to see if any of the vulnerabilities affect your particular versions of the products.
Download and Apply Updates: Obtain and install the latest security releases for the Palo Alto Networks products you identified as affected.
Restrict Network Access to Expedition (if applicable): Until a new update for Expedition is released, Palo Alto Networks recommends limiting network access to this tool to authorized personnel only.
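Limiting access to Expedition to authorized personnel is only useful if you can check that the restriction holds. The following added example (not Palo Alto Networks code, and not tied to Expedition's real log format) shows two sides of that step: a small checker that reads web-server access log lines from the Expedition host and flags requests coming from outside the permitted administrative networks, and a helper that renders the matching host-firewall allowlist. The admin networks, log lines, request paths and IP addresses are all constructed for the demo.

```python
import ipaddress
import re

# Administrative networks permitted to reach the Expedition web UI (constructed values).
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.5.0/24", "192.168.100.0/24")]

# Constructed sample lines in Apache combined log format; none of the addresses or
# paths are real, they only stand in for what the host's web server would record.
SAMPLE_LOG = """\
10.10.5.21 - - [11/Jul/2024:09:12:01 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.44 - - [11/Jul/2024:09:12:05 +0000] "POST /api/import HTTP/1.1" 200 88 "-" "curl/8.4.0"
192.168.100.7 - - [11/Jul/2024:09:13:10 +0000] "GET /dashboard.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"
198.51.100.9 - - [11/Jul/2024:09:14:22 +0000] "GET /login.php HTTP/1.1" 401 0 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ip"] = ipaddress.ip_address(rec["ip"])
    rec["status"] = int(rec["status"])
    return rec


def is_authorized(ip):
    """True when the client address falls inside one of the admin networks."""
    return any(ip in net for net in ADMIN_NETWORKS)


def find_unauthorized_access(log_text):
    """Return (ip, method, path, status) for every request from outside the admin
    networks. Any hit means the access restriction is not actually enforced."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or is_authorized(rec["ip"]):
            continue
        hits.append((str(rec["ip"]), rec["method"], rec["path"], rec["status"]))
    return hits


def iptables_allowlist(port=443):
    """Render INPUT-chain rules that enforce the same policy on the host: accept the
    admin networks, drop everyone else. Run them on the Expedition VM, not here."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT" for net in ADMIN_NETWORKS]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    for hit in find_unauthorized_access(SAMPLE_LOG):
        print("unauthorized source:", *hit)
    print("\n".join(iptables_allowlist()))
```

Note that a 401 from an outside address still counts as a hit: the restriction is meant to keep unauthorized networks from reaching the login page at all, so a failed login from outside shows the network-level control is missing, not that authentication saved you.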
Additional Security Best Practices
Although patching is a major part of security, multiple layers are needed for security to be effective. Here are some additional best practices to consider.
Enable Multi-Factor Authentication (MFA): MFA adds a second check beyond a username and password, making it considerably harder for an attacker to gain access to an account.
Segment your Network: Segmentation divides the network into separate subnets, so that a compromise of one segment cannot spread to the rest.
Regular Security Audits: Regular security audits help identify such openings before an attacker can exploit them.
Stay Informed: Follow the latest security advisories from Palo Alto Networks and other security vendors.