Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Avatar
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the
[[{“value”:”

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.

“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation.”

In the interim, the network security vendor has recommended that users correctly configure the management interface in line with the best practices, and make sure that access to it is possible only via trusted internal IPs to limit the attack surface.

It goes without saying that the management interface should not be exposed to the Internet. Some of the other guidelines to reduce exposure are listed below –

Isolate the management interface on a dedicated management VLAN
Use jump servers to access the management IP
Limit inbound IP addresses to the management interface to approved management devices
Only permit secured communication such as SSH, HTTPS
Only allow PING for testing connectivity to the interface

The development comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), relates to a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover, and possibly gain access to sensitive data.

While it’s currently not known how it’s being exploited in the wild, federal agencies have been advised to apply the necessary fixes by November 28, 2024, to secure their networks against the threat.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

Next Post

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Related Posts

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher
Avatar
Read More