Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.
The issues were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from Checkpoint, Cisco, and other supported vendors.
They can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts.
“Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to read Expedition database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the Expedition system,” the corporate stated in an advisory revealed on Wednesday.
“Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.”
These bugs are a mix of command injection, reflected cross-site scripting (XSS), cleartext storage of sensitive information, missing authentication, and SQL injection vulnerabilities.
Proof-of-concept exploit available
Horizon3.ai vulnerability researcher Zach Hanley, who found and reported four of the bugs, has also published a root cause analysis write-up that details how he found three of these flaws while researching the CVE-2024-5910 vulnerability (disclosed and patched in July), which allows attackers to reset Expedition application admin credentials.
Hanley also released a proof-of-concept exploit that chains the CVE-2024-5910 admin reset flaw with the CVE-2024-9464 command injection vulnerability to gain "unauthenticated" arbitrary command execution on vulnerable Expedition servers.
Palo Alto Networks says that, for the moment, there is no evidence that the security flaws have been exploited in attacks.
“The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. The cleartext file affected by CVE-2024-9466 will be removed automatically during the upgrade,” Palo Alto Networks added today.
“All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.”
Admins who cannot immediately deploy today's security updates should restrict Expedition network access to authorized users, hosts, or networks.
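The advisory quoted above names Expedition 1.2.96 as the first fixed release. As an added example (not Palo Alto Networks code, and not part of the original article), the snippet below triages an inventory of Expedition hosts against that threshold. It assumes Expedition versions are plain dotted integers such as "1.2.96"; the inventory is constructed sample data, and the hostnames are hypothetical.

```python
"""Triage Expedition hosts against the fixed release from the advisory.

Added example, not Palo Alto Networks code. Assumes Expedition versions are
dotted integers like "1.2.96"; FIXED_VERSION comes from the advisory text
("Expedition 1.2.96, and all later Expedition versions").
"""
from __future__ import annotations

FIXED_VERSION = (1, 2, 96)

# Constructed sample inventory: hostname -> reported Expedition version.
# Hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "expedition-prod": "1.2.96",
    "expedition-lab": "1.2.90",
    "expedition-dr": "1.2.100",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Parse a dotted version string into a tuple of ints.

    Comparing tuples of ints avoids the string-comparison trap where
    "1.2.100" < "1.2.96" because '1' sorts before '9'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Expedition version: {version!r}")
    return tuple(int(p) for p in parts)


def is_fixed(version: str) -> bool:
    """True if `version` is 1.2.96 or later.

    A two-component version such as "1.2" compares below (1, 2, 96) and is
    treated as unfixed, so an under-specified version never passes triage.
    """
    return parse_version(version) >= FIXED_VERSION


def hosts_needing_upgrade(inventory: dict[str, str]) -> list[str]:
    """Return the hosts whose Expedition version predates the fix, sorted."""
    return sorted(host for host, ver in inventory.items() if not is_fixed(ver))


if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 1.2.96 or later, then rotate credentials")
```

Whatever version source is used (the Expedition UI or an internal asset database), the version must be compared numerically; a lexicographic comparison would mark 1.2.100 as vulnerable and could equally mark a truly unpatched 1.2.9 as fixed.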
In April, the company started releasing hotfixes for a maximum-severity zero-day bug that had been actively exploited since March by a state-backed threat actor tracked as UTA0218 to backdoor PAN-OS firewalls.