Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

by admin 0 Comments

Cyber Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Jul 11, 2024NewsroomVulnerability / Enterprise Security

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.

Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.

“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition,” the company said in an advisory. “Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”

The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem. Synopsys Cybersecurity Research Center’s (CyRC) Brian Hysell has been credited with discovering and reporting the issue.

While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.

As workarounds, Palo Alto Networks is recommending that network access to Expedition is restricted to authorized users, hosts, or networks.

Also fixed by the American cybersecurity firm is a newly disclosed flaw in the RADIUS protocol called BlastRADIUS (CVE-2024-3596) that could allow a bad actor with capabilities to perform an adversary-in-the-middle (AitM) attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to sidestep authentication.

Cybersecurity

The vulnerability then permits the attacker to “escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile,” it said.

The following products are affected by the shortcomings:

  • PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
  • PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
  • PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
  • PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
  • PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
  • Prisma Access (all versions, fix expected to be released on July 30)

It also noted that neither CHAP nor PAP should be used unless they are encapsulated by an encrypted tunnel since the authentication protocols do not offer Transport Layer Security (TLS). They are not vulnerable in cases where they are used in conjunction with a TLS tunnel.

However, it’s worth noting that PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are also not susceptible to the attack.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
This article was originally published by Thehackernews.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Amazon’s deal with AI startup Adept faces FTC scrutiny
Google, Apple Partner to Bring New Tool That Allows for Easy Media Transfer Across Devices
Samsung to launch upgraded voice assistant Bixby this year with its own AI
NoiseFit Origin Review: Big on Style
Apple releases iOS 18 public beta for iPhone — Here’s what’s new and how to get it

Leave a Reply

Your email address will not be published. Required fields are marked *