Technology

Palo Alto Networks warns users of dangerous security threat affecting firewalls

November 11, 2024

Palo Alto Networks says it’s aware of claims of flaws in the firewalls
Company is advising users to be extra cautious and tighten up on security
A patch will be deployed when more details about the bug are found

Palo Alto Networks has revealed it was recently made aware of an alleged vulnerability in its firewall offering which could allow threat actors to remotely execute malicious code.

Since it doesn’t know the details of the flaw, and is yet to see any evidence of in-the-wild abuse, the company says it doesn’t have a patch lined up just yet, but said it was “aware of a claim” of a remote code execution vulnerability in the PAN-OS management interface and has, as a result, started actively monitoring for signs of exploitation.

In the meantime, Palo Alto Networks has advised its users to be extra cautious, noting: “At this time we believe devices whose access to the Management Interface is not secured as per our recommended best practice deployment guidelines are at increased risk.”

Mitigating the problem

“In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice,” the company added.

BleepingComputer found a separate document on Palo Alto Networks’ community website, with additional information on how to secure the firewalls:

Isolate the management interface on a dedicated management VLAN.
Use jump servers to access the mgt IP. Users authenticate and connect to the jump server before logging in to the firewall/Panorama.
Limit inbound IP addresses to your mgt interface to approved management devices. This will reduce the attack surface by preventing access from unexpected IP addresses and prevents access using stolen credentials.
Only permit secured communication such as SSH, HTTPS.
Only allow PING for testing connectivity to the interface.

At the moment, Cortex Xpanse and Cortex XSIAM users seem to be the most vulnerable ones. Prisma Access and cloud NGFW are most likely not affected.

Via BleepingComputer

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar