Palo Alto Networks Urges Customers to Patch Firewall Vulnerabilities

October 9, 2024

Palo Alto Networks has alerted its customers about the need to patch certain security vulnerabilities in its systems. These vulnerabilities, for which public exploit code is available, could potentially allow attackers to hijack PAN-OS firewalls. The vulnerabilities were identified in the company's Expedition solution, a tool that facilitates the migration of configurations from other vendors such as Checkpoint and Cisco. If exploited, these vulnerabilities could provide access to sensitive data, including user credentials, which could be used to take control of firewall admin accounts.

The company issued an advisory on Wednesday, stating, 'Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to read Expedition database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the Expedition system.' The advisory further explained that the vulnerabilities could potentially expose information like usernames, clear-text passwords, device configurations, and device API keys of PAN-OS firewalls.

These vulnerabilities are a mix of command injection, reflected cross-site scripting (XSS), clear-text storage of sensitive information, missing authentication, and SQL injection vulnerabilities. Zach Hanley, a vulnerability researcher at Horizon3.ai, discovered and reported four of these bugs. Hanley has also published an analysis detailing how he found three of these flaws while researching the CVE-2024-5910 vulnerability, which was disclosed and patched in July and allows attackers to reset Expedition application admin credentials. Hanley also released a proof-of-concept exploit that combines the CVE-2024-5910 admin reset flaw with the CVE-2024-9464 command injection vulnerability to achieve 'unauthenticated' arbitrary command execution on vulnerable Expedition servers.

As of now, Palo Alto Networks has stated that there is no evidence that these security flaws have been exploited in attacks. The company has provided fixes for all listed issues in Expedition version 1.2.96 and all subsequent versions. The company added, 'All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.' Administrators who are unable to immediately implement today's security updates should limit Expedition network access to authorized users, hosts, or networks.

In related news, the company began releasing hotfixes in April for a high-severity zero-day bug that had been actively exploited since March by a state-backed threat actor tracked as UTA0218 to backdoor PAN-OS firewalls.

Latest News

• Hackers Exploit GitHub and GitLab Platforms to Distribute Malware
• Emergency Security Update Issued by Mozilla for Firefox Zero-Day Exploited in Attacks
• Automated Scanner Developed to Detect Servers Vulnerable to CUPS RCE Attacks
• Microsoft's October 2024 Patch Tuesday Addresses Five Zero-days and 118 Vulnerabilities
• Ivanti Alerts on Three New Actively Exploited CSA Zero-Days