Palo Alto Networks Fixes Holes

Wednesday, December 13, 2017 @ 01:12 PM gHale


Palo Alto Networks (PAN) fixed critical and high severity vulnerabilities in its security platform.

Classified as critical, the fix addresses a combination of vulnerabilities in the management interface that a remote, unauthenticated attacker can exploit to execute arbitrary code.

PAN-OS 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier versions are affected. The fixes are in PAN-OS 6.1.19, 7.0.19, 7.1.14 and 8.0.6.

Attacks can also be blocked using vulnerability signatures made available by the company.
The flaws were reported to Palo Alto Networks by Philip Pettersson.

PAN became aware of the issues in July and just released its fixes.

Pettersson disclosed three vulnerabilities, including a partial authentication bypass, an arbitrary directory creation issue, and a command injection bug.

Combining these flaws allows an unauthenticated attacker to execute arbitrary code with root privileges through the web interface.

“Palo Alto Networks recommends not exposing the web management interface to the Internet,” Pettersson said in a post. “By looking at Project Sonar or Shodan it is evident that it’s actually quite common to deploy the firewalls with the web management interface listening on the WAN port.”

The PAN-OS updates also address a high severity flaw in the web interface packet capture management component. The security hole, reported by researchers from Samsung, allows an authenticated attacker to inject arbitrary commands.


