Palo Alto Networks on Friday issued an advisory urging customers to ensure that access to the PAN-OS management interface is secured due to a potential remote code execution vulnerability.
“Palo Alto Networks is aware of a remote code execution vulnerability through the PAN-OS management interface,” the company said. “At the moment, we do not know the specifics of the reported vulnerability. We are actively monitoring for signs of any exploitation.”
Meanwhile, the network security vendor advised users to properly configure the management interface according to best practices and ensure that it can only be accessed through trusted internal IP addresses to limit the attack surface.
It goes without saying that the management interface should not be exposed to the Internet. Some of the other recommendations to reduce exposure are listed below:
- Isolate the management interface on a dedicated management VLAN
- Use relay servers to access the management IP
- Restrict incoming IP addresses on the management interface to approved management devices
- Allow only secure communication such as SSH and HTTPS
- Allow PING only to verify connectivity to the interface
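The recommendations above can be turned into a repeatable check. The following is an added example, not code from Palo Alto Networks or its advisory: it audits a hypothetical, vendor-neutral description of a management interface (not PAN-OS's own configuration schema). It assumes "internal" means RFC 1918 IPv4 space, and all addresses and VLAN numbers are constructed sample values.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space; substitute your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_SERVICES = {"ssh", "https", "ping"}  # per the list above

def is_internal(net):
    return any(net.subnet_of(r) for r in INTERNAL)

def audit_mgmt_interface(cfg, approved_hosts, data_vlans):
    """Return findings for one management interface.

    cfg is a hypothetical vendor-neutral dict (not PAN-OS's schema) with
    keys: address, vlan, permitted_sources (IPv4 CIDRs), services.
    """
    findings = []
    approved = {ipaddress.ip_address(h) for h in approved_hosts}
    if not is_internal(ipaddress.ip_network(cfg["address"])):
        findings.append("address: not in an internal range")
    if cfg["vlan"] in data_vlans:
        findings.append("vlan: shared with data traffic")
    sources = cfg.get("permitted_sources", [])
    if not sources:
        findings.append("sources: unrestricted")
    for src in sources:
        net = ipaddress.ip_network(src, strict=False)
        if not is_internal(net):
            findings.append(f"{src}: not an internal source")
        elif net.num_addresses > 1:
            findings.append(f"{src}: a range, not a single approved host")
        elif net.network_address not in approved:
            findings.append(f"{src}: not an approved management device")
    for svc in sorted(set(cfg.get("services", [])) - ALLOWED_SERVICES):
        findings.append(f"{svc}: service not on the allowed list")
    return findings

# Constructed sample data: documentation and private addresses only.
RELAYS = ["10.20.0.5", "10.20.0.6"]  # approved relay servers
EXPOSED = {"address": "203.0.113.10", "vlan": 10,
           "permitted_sources": ["0.0.0.0/0", "10.0.0.0/8", "10.20.0.9"],
           "services": ["https", "http", "telnet", "ping"]}
HARDENED = {"address": "10.20.0.1", "vlan": 99,
            "permitted_sources": ["10.20.0.5/32", "10.20.0.6"],
            "services": ["ssh", "https", "ping"]}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_mgmt_interface(cfg, RELAYS, data_vlans={10, 20}))
```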
The development comes a day after the US Cybersecurity and Infrastructure Security Agency (CISA) added a now-fixed critical security flaw affecting Palo Alto Networks’ Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to the takeover of an administrator account and possibly access to sensitive data.
While it is currently unknown how it is being exploited in the wild, federal agencies have been advised to apply the necessary patches by November 28, 2024, to protect their networks from the threat.