Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

News

Nov 09, 2024Ravie LakshmananVulnerability / Network Security

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.

“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation.”

In the interim, the network security vendor has recommended that users correctly configure the management interface in line with the best practices, and make sure that access to it is possible only via trusted internal IPs to limit the attack surface.

Cybersecurity

It goes without saying that the management interface should not be exposed to the Internet. Some of the other guidelines to reduce exposure are listed below –

  • Isolate the management interface on a dedicated management VLAN
  • Use jump servers to access the management IP
  • Limit inbound IP addresses to the management interface to approved management devices
  • Only permit secured communication such as SSH, HTTPS
  • Only allow PING for testing connectivity to the interface

The development comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Cybersecurity

The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), relates to a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover, and possibly gain access to sensitive data.

While it’s currently not known how it’s being exploited in the wild, federal agencies have been advised to apply the necessary fixes by November 28, 2024, to secure their networks against the threat.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Third-Party Attacks Drive Major Financial Losses in 2024
DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen
61% of Hackers Use New Exploit Code Within 48 Hours of Attack
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Leave a Reply

Your email address will not be published. Required fields are marked *