Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Nov 09, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.

“Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation.”

In the interim, the network security vendor has recommended that users correctly configure the management interface in line with best practices, and ensure that access to it is possible only via trusted internal IPs to limit the attack surface.

It goes without saying that the management interface should not be exposed to the internet. Some of the other guidelines to reduce exposure are listed below:

  • Isolate the management interface on a dedicated management VLAN
  • Use jump servers to access the management IP
  • Limit inbound IP addresses to the management interface to approved management devices
  • Only permit secured communication such as SSH, HTTPS
  • Only allow PING for testing connectivity to the interface
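The guidelines above can be turned into an automated check over a device inventory. The following is an added example, not code from Palo Alto Networks or the advisory: the record layout (`mgmt_ip`, `mgmt_vlan`, `data_vlans`, `permitted_sources`, `services`) is hypothetical, "internal" is assumed to mean RFC 1918 IPv4 space, and the sample records are constructed.

```python
import ipaddress

# Assumptions for this example: IPv4 only, "internal" means RFC 1918 space,
# and the record layout below is hypothetical (not a PAN-OS export format).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_SERVICES = {"ssh", "https", "ping"}  # per the guidance above


def is_internal(cidr):
    """True if the address or network lies wholly inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)


def audit_mgmt_interface(cfg):
    """Return a list of findings for one device's management settings."""
    findings = []
    if not is_internal(cfg["mgmt_ip"]):
        findings.append(f"management IP {cfg['mgmt_ip']} is not internal")
    if cfg["mgmt_vlan"] in cfg["data_vlans"]:
        findings.append("management VLAN is shared with data traffic")
    if not cfg["permitted_sources"]:
        findings.append("no source allowlist configured")
    for src in cfg["permitted_sources"]:
        if not is_internal(src):
            findings.append(f"allowlist entry {src} is not a trusted internal range")
    for svc in sorted(set(cfg["services"]) - ALLOWED_SERVICES):
        findings.append(f"service not on the secure list is enabled: {svc}")
    return findings


# Constructed sample records (documentation/test addresses, not real devices).
EXPOSED = {
    "mgmt_ip": "203.0.113.10", "mgmt_vlan": 10, "data_vlans": [10, 20],
    "permitted_sources": ["10.20.30.5/32", "0.0.0.0/0"],
    "services": ["https", "ssh", "http", "telnet", "ping"],
}
HARDENED = {
    "mgmt_ip": "10.99.0.2", "mgmt_vlan": 99, "data_vlans": [10, 20],
    "permitted_sources": ["10.99.0.10/32"],  # the jump server only
    "services": ["https", "ssh", "ping"],
}

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_mgmt_interface(cfg) or "no findings")
```

An empty allowlist is reported as its own finding because it usually means any source may connect, which is the condition the advisory is trying to rule out.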

The development comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover and possibly allow access to sensitive data.

While it's currently not known how it's being exploited in the wild, federal agencies have been advised to apply the necessary fixes by November 28, 2024, to secure their networks against the threat.
