Palo Alto investigates possible security vulnerability in PAN-OS web interface
Palo Alto is investigating an alleged code-smuggling vulnerability in the PAN-OS administration interface. Some affected customers are being informed.
Palo Alto is investigating an alleged code-smuggling vulnerability in the administration interface of the firewall operating system PAN-OS. The manufacturer recommends that administrators take security measures to make external attacks more difficult.
In a security announcement, the Palo Alto developers write that the company is aware of an alleged vulnerability in the PAN-OS management interface that could allow malicious code to be injected and executed. They do not know the details of the vulnerability, but are monitoring the situation for signs of abuse. They believe that Prisma Access and Cloud NGFW are not affected, but do not give any reasons for this.
Alleged security gap: Recommended action
Palo Alto strongly recommends that customers ensure that access to the management interface is configured correctly and in accordance with the recommended best-practice guidelines. The company also provides instructions for this. To identify potentially affected devices, customers should log into the customer portal and look under "Products" – "Assets" – "All Assets" – "Remediate Required". Palo Alto regularly scans the Internet for publicly accessible Palo Alto devices. Devices marked there with "PAN-SA-2024-0015" require the attention of admins.
Palo Alto could not name any indicators of compromise (IOCs). The manufacturer is also not aware of any active exploit attempts.
Just last Friday, the US IT security authority CISA warned that a vulnerability in Palo Alto's migration tool Expedition was being attacked in the wild. IT managers should therefore secure their Palo Alto systems as recommended to avoid the risk of falling victim to cyber attacks.
(dmk)