Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

https://firewall.firm.in/wp-content/uploads/2024/07/palo.png

Jul 11, 2024NewsroomVulnerability / Enterprise Security

Palo Alto Networks

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.

Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.

“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition,” the company said in an advisory. “Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”

The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem. Synopsys Cybersecurity Research Center’s (CyRC) Brian Hysell has been credited with discovering and reporting the issue.

While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.

As workarounds, Palo Alto Networks is recommending that network access to Expedition is restricted to authorized users, hosts, or networks.

Also fixed by the American cybersecurity firm is a newly disclosed flaw in the RADIUS protocol called BlastRADIUS (CVE-2024-3596) that could allow a bad actor with capabilities to perform an adversary-in-the-middle (AitM) attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to sidestep authentication.

Cybersecurity

The vulnerability then permits the attacker to “escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile,” it said.

The following products are affected by the shortcomings:

  • PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
  • PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
  • PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
  • PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
  • PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
  • Prisma Access (all versions, fix expected to be released on July 30)

It also noted that neither CHAP nor PAP should be used unless they are encapsulated by an encrypted tunnel since the authentication protocols do not offer Transport Layer Security (TLS). They are not vulnerable in cases where they are used in conjunction with a TLS tunnel.

However, it’s worth noting that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are also not susceptible to the attack.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket