Palo Alto Networks has released security updates to address five security flaws affecting its products, including a critical bug that could lead to an authentication bypass.
Tracked as CVE-2024-5910 (CVSS score: 9.3), the vulnerability is described as a case of missing authentication in the Expedition migration tool that could lead to the takeover of an administrator account.
“Lack of authentication for a critical feature in Palo Alto Networks Expedition could allow an attacker with network access to Expedition to hijack the Expedition administrator account,” the company said in an advisory. “Due to this issue, configuration secrets, credentials, and other data imported into Expedition are at risk.”
The flaw affects all versions of Expedition before 1.2.92, which fixes the problem. Brian Heisel of the Synopsys Cybersecurity Research Center (CyRC) is credited with discovering and reporting the issue.
Although there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to guard against potential threats.
As a workaround, Palo Alto Networks recommends that network access to Expedition be restricted to authorized users, hosts, or networks.
The US-based cybersecurity firm also patched a recently disclosed flaw in the RADIUS protocol called BlastRADIUS (CVE-2024-3596) that could allow a malicious actor capable of mounting an adversary-in-the-middle (AitM) attack between a Palo Alto Networks PAN-OS firewall and the RADIUS server to bypass authentication.
The vulnerability then allows an attacker to “elevate privileges to ‘superuser’” when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile, it said.
The following products are affected by the flaw:
- PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
- PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
- PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
- PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
- PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
- Prisma Access (all versions, patch expected July 30)
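The affected-version table above is easy to misread because PAN-OS hotfix builds such as 11.0.4-h4 sort after the plain 11.0.4 release. The script below is an added example (not from the article or from Palo Alto Networks) that parses PAN-OS version strings, including the -hN hotfix suffix, and reports whether each firewall in an inventory is below the first fixed release for its release train. The FIXED_VERSIONS table is transcribed from the list above; the inventory lines are constructed sample data, and Prisma Access is left out because the article gives no fixed version for it.

```python
"""Added example: assess PAN-OS versions against the CVE-2024-3596 fixed-release
table quoted in the article. Not vendor code; the inventory below is constructed."""
import re
from typing import Dict, Tuple

VersionKey = Tuple[int, int, int, int]

# Earliest fixed release per PAN-OS release train, as listed in the article.
FIXED_VERSIONS = {
    "11.1": "11.1.3",
    "11.0": "11.0.4-h4",
    "10.2": "10.2.10",
    "10.1": "10.1.14",
    "9.1": "9.1.19",
}

# Assumed version grammar: MAJOR.MINOR.PATCH with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> VersionKey:
    """Turn '11.0.4-h4' into a comparable tuple (11, 0, 4, 4).

    A release without a hotfix suffix compares as hotfix 0, so that
    11.0.4 sorts below 11.0.4-h4, which is what the fixed-version table requires.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def release_train(version: str) -> str:
    """Return the MAJOR.MINOR train a version belongs to, e.g. '11.0'."""
    major, minor, _, _ = parse_version(version)
    return f"{major}.{minor}"


def assess(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown-train' for one PAN-OS version."""
    fixed = FIXED_VERSIONS.get(release_train(version))
    if fixed is None:
        # Trains not in the article's table (e.g. end-of-life 8.x) need manual review.
        return "unknown-train"
    return "fixed" if parse_version(version) >= parse_version(fixed) else "vulnerable"


# Constructed sample inventory ("hostname version" per line); not real devices.
SAMPLE_INVENTORY = """\
fw-edge-01 11.1.2
fw-edge-02 11.1.3
fw-dc-01 11.0.4
fw-dc-02 11.0.4-h4
fw-branch-07 10.2.9
fw-lab-01 9.1.19
fw-lab-02 8.1.25
"""


def triage_inventory(text: str) -> Dict[str, str]:
    """Map each hostname to its assessment; malformed version strings raise."""
    results: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, version = line.split()
        results[host] = assess(version)
    return results


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {status}")
```

Hosts reported as "vulnerable" still need the RADIUS server profile checked: per the advisory, only deployments using CHAP or PAP outside a TLS tunnel are exposed, so a version match is the trigger for a configuration review, not a final verdict.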
The company also noted that neither CHAP nor PAP should be used unless they are encapsulated in an encrypted tunnel, because these authentication protocols provide no transport layer security (TLS) of their own; they are not vulnerable when used inside a TLS tunnel.
It should also be noted that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for the RADIUS server are likewise not susceptible to the attack.