Admin vulnerability threatens Palo Alto Networks migration tool Expedition

Various Palo Alto Networks cyber security products are vulnerable. Security updates are available.

This article was originally published in German and has been automatically translated.

Attackers can target several software vulnerabilities in the PAN-OS firewall system from Palo Alto Networks. If attacks are successful, this can lead to networks being compromised.

The manufacturer of IT security appliances lists the affected components in the security section of its website. One "critical" vulnerability (CVE-2024-5910) affects the migration tool Expedition. Because authentication is missing for a critical function, attackers with network access can take over an admin account. The developers state that they have closed the vulnerability in Expedition 1.2.92. They say that they have not observed any attacks to date.

The PAN-OS system is the basis of the manufacturer's firewalls. A security vulnerability (CVE-2024-5911, rated "high") allows attackers to upload malicious code to crash firewalls. They can also put firewalls into maintenance mode so that IT staff have to intervene to make the appliance usable again. For such an attack to work, however, an attacker needs admin rights.

The developers state that only PAN-OS versions 10.1 and 10.2 are affected. Versions 10.1.9 and 10.2.4 are protected against the attacks described.
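To check an inventory against the fixed releases named above, the following added example (not from Palo Alto Networks or the original article) flags entries that still need an update. It assumes that a fixed release and every later maintenance release in the same train are patched and that all Expedition versions before 1.2.92 are affected; the host names and sample versions are constructed.

```python
import re

# Fixed releases as reported in the article; "this release or later is patched" is an assumption.
PANOS_FIXED = {(10, 1): 9, (10, 2): 4}  # CVE-2024-5911, per affected release train
EXPEDITION_FIXED = (1, 2, 92)           # CVE-2024-5910

# Accepts "10.2.4" and hotfix builds such as "10.2.4-h2"; the hotfix part is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

def parse_version(text):
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def panos_status(version):
    major, minor, maintenance = parse_version(version)
    fixed = PANOS_FIXED.get((major, minor))
    if fixed is None:
        return "not affected"  # the article names only 10.1 and 10.2 as affected
    return "patched" if maintenance >= fixed else "vulnerable"

def expedition_status(version):
    return "patched" if parse_version(version) >= EXPEDITION_FIXED else "vulnerable"

CHECKS = {"pan-os": panos_status, "expedition": expedition_status}

def triage(inventory):
    """Return (host, product, version, status) for entries that need attention."""
    findings = []
    for host, product, version in inventory:
        try:
            status = CHECKS[product.lower()](version)
        except (KeyError, ValueError):
            status = "unknown"  # unparseable version or unlisted product: check by hand
        if status in ("vulnerable", "unknown"):
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "pan-os", "10.1.8"),
    ("fw-edge-02", "pan-os", "10.2.4-h2"),
    ("fw-core-01", "pan-os", "11.0.2"),
    ("fw-lab-01", "pan-os", "10.2"),
    ("migrate-vm", "expedition", "1.2.91"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding)
```

Entries reported as "unknown" have a version string the parser could not read or a product it has no rule for, so they should be checked by hand instead of being treated as safe.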

The remaining vulnerabilities are classified as "medium" and "low" severity. They concern Cortex XDR Agent and PAN-OS. The verification of file signatures can fail here, for example.

The developers also warn of a hardcoded password in Expedition VM. This allows remote attackers to obtain root rights. The updated setup file Expedition initSetup_v2.0 (commit date 20240605) fixes the security problem.

(des)