The Information Highway


Palo Alto PAN-OS RCE vulnerability

Threat update

A threat advisory was issued to Palo Alto Networks customers notifying them of a vulnerability in the PAN-OS management interface that can lead to remote code execution (RCE).

Technical Detail and Additional Info

What is the threat?

The vulnerability, tracked by Palo Alto Networks under advisory PAN-SA-2024-0015 (no CVE number has been announced), affects the PAN-OS management interface. Successful exploitation gives the threat actor remote code execution on the device. RCE on network infrastructure is a direct foothold: the firewall sits at a privileged point in the network, so an attacker who controls it can bypass the protection controls the device itself is meant to enforce. At the time of writing there is no known threat actor exploiting this vulnerability in the wild, but no patch is available either, so the recommended best practices below are the only mitigation currently available and should be applied to protect your network infrastructure.

Why is it noteworthy?

This threat is significant because of what successful exploitation yields. The affected devices are often internet-facing. If the management interface itself is reachable from the internet, the vulnerability lets an attacker establish a presence on the network with little effort and, from the firewall, move laterally across it.

What is the exposure or risk?

Because the vulnerability is in the PAN-OS management interface, a device whose management interface is reachable from the internet is far more exposed than one reachable only from an internal network. Restricting the management interface to a dedicated management VLAN, or to a hardened jump box, reduces the exposure further.

What are the recommendations?

LBT Technology Group recommends that organizations take the following steps to reduce the risk of exploitation and protect critical infrastructure from this and similar threats.

  • Limit access to the management interface: allow access only from a dedicated management VLAN, from approved management devices, or from a secure jump box, and do not expose the interface to the internet.
  • Limit access to specific secure protocols: allow only SSH and HTTPS for administration, and use PING (ICMP) to test connectivity rather than logging in to do so. Disable Telnet and HTTP.
  • Audit access: verify that the accounts and source addresses permitted to reach the management interface are exactly the ones intended, and remove any that are not.
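As an added example (not part of the original advisory and not Palo Alto Networks' own tooling), the following Python script checks an exported PAN-OS configuration against the three recommendations above: permitted management sources, enabled management services, and a review of what is actually allowed. It assumes the `<deviceconfig><system>` subtree layout shown in the constructed sample (`permitted-ip` entries and `service/disable-*` flags; verify the element names against your own `show config running` output), and the ranges in `ALLOWED_SOURCES` are placeholders for your management VLAN and jump host.

```python
"""Audit a PAN-OS configuration export for management-interface exposure.

Added example; the XML element names are assumed from typical PAN-OS
running-config output and should be checked against a real export.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the relevant subtree of a PAN-OS running config.
# It deliberately contains two findings: an any-source permitted-ip entry
# and Telnet left enabled on the management interface.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain">
    <deviceconfig><system>
      <permitted-ip>
        <entry name="10.20.30.0/24"/>
        <entry name="0.0.0.0/0"/>
      </permitted-ip>
      <service>
        <disable-telnet>no</disable-telnet>
        <disable-http>yes</disable-http>
        <disable-https>no</disable-https>
        <disable-ssh>no</disable-ssh>
        <disable-icmp>no</disable-icmp>
      </service>
    </system></deviceconfig>
  </entry></devices>
</config>"""

# Assumed approved sources: a dedicated management VLAN plus one jump host.
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.30.0/24"),
    ipaddress.ip_network("10.99.0.5/32"),
]


def audit_mgmt_config(config_xml, allowed_sources=ALLOWED_SOURCES):
    """Return a list of finding strings; an empty list means the export
    satisfies all three recommendations."""
    findings = []
    system = ET.fromstring(config_xml).find(".//deviceconfig/system")
    if system is None:
        return ["no <deviceconfig><system> subtree found in the export"]

    # 1. Limit access: every permitted-ip entry must fall inside an approved
    #    management range. An empty permitted-ip list means "allow from
    #    anywhere", which is the worst case for an internet-facing device.
    entries = [e.get("name") for e in system.findall("permitted-ip/entry")]
    if not entries:
        findings.append("permitted-ip is empty: management reachable from any source")
    for cidr in entries:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == allowed.version and net.subnet_of(allowed)
                   for allowed in allowed_sources):
            findings.append(f"permitted-ip {cidr} is outside the approved management ranges")

    # 2. Limit protocols: Telnet and HTTP must be off; SSH, HTTPS and ICMP
    #    (ping for connectivity tests) stay on. A missing disable-* element
    #    is treated as "not disabled", i.e. the service is enabled.
    def disabled(svc):
        node = system.find(f"service/disable-{svc}")
        return node is not None and (node.text or "").strip().lower() == "yes"

    for svc in ("telnet", "http"):
        if not disabled(svc):
            findings.append(f"{svc} is enabled on the management interface")
    for svc in ("ssh", "https", "icmp"):
        if disabled(svc):
            findings.append(f"{svc} is disabled; the recommendation keeps it available")

    # 3. Audit access: the list of permitted sources is returned to the
    #    caller as findings above; anything not in allowed_sources is flagged.
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_config(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against a saved `show config running` export instead of `SAMPLE_CONFIG` to get the list of deviations. The script only reads an export; making the corresponding changes is done in PAN-OS configure mode (from memory, `set deviceconfig system permitted-ip <cidr>` and `set deviceconfig system service disable-telnet yes disable-http yes`; confirm the syntax for your PAN-OS version before committing).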

Friday, 22 November 2024