Wednesday, April 2, 2025

Palo Alto Networks Urges Swift Action to Secure PAN-OS Interfaces Against Critical Remote Code Execution Vulnerabilities.

Palo Alto Networks has issued an urgent advisory, cautioning customers to ensure secure access to the PAN-OS administrative interface, as a potentially exploitable remote code execution flaw has been identified.

“Palo Alto Networks has become aware of a disclosure regarding a remote code execution vulnerability affecting the PAN-OS administration interface,” the company said. “At present, there is no concrete information available regarding the alleged security flaw. We continuously scrutinize all possible signs of potential exploitation.”

In the interim, the network security vendor urged customers to make sure the administrative interface is configured in accordance with best practices, with access restricted to trusted internal IP addresses to minimize the attack surface.

It goes without saying that the administrative interface should not be exposed to the public internet. Several ways to reduce exposure include:

  • Ensure isolation of the administrative interface by segregating it to a dedicated administration Virtual Local Area Network (VLAN).
  • Use a jump server to access the administration interface.
  • Restrict the inbound IP addresses allowed to reach the administration interface to approved administrative devices.
  • Permit only secured communication such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS), which protect the confidentiality and integrity of transmitted data.
  • Allow ping only for testing connectivity to the interface.
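The checklist above can be turned into a repeatable audit. The following is an added example, not code from Palo Alto Networks or the original article: the profile dictionary and its field names are hypothetical (not a PAN-OS schema), the sample profiles are constructed, and "internal" is assumed to mean RFC 1918 or IPv6 unique-local space.

```python
import ipaddress

# Assumption: "trusted internal" means RFC 1918 or IPv6 unique-local space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Only secured protocols, plus ping for connectivity tests.
ALLOWED_SERVICES = {"ssh", "https", "ping"}

def is_internal(cidr):
    """True if the whole CIDR block sits inside one of the internal ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)

def audit_mgmt_access(profile):
    """Return findings for a management-access profile (hypothetical layout)."""
    findings = []
    sources = profile.get("permitted_sources", [])
    if not sources:
        findings.append("no source restriction: reachable from any address")
    for cidr in sources:
        if not is_internal(cidr):
            findings.append(f"source {cidr} is not an internal range")
    for svc in profile.get("services", []):
        if svc.lower() not in ALLOWED_SERVICES:
            findings.append(f"service {svc} is not on the secured list")
    if not profile.get("dedicated_mgmt_vlan", False):
        findings.append("interface is not on a dedicated management VLAN")
    if not profile.get("via_jump_server", False):
        findings.append("administrators do not connect through a jump server")
    return findings

# Constructed sample profiles for illustration.
EXPOSED = {
    "permitted_sources": ["0.0.0.0/0", "10.20.0.0/24"],
    "services": ["https", "http", "telnet", "ping"],
    "dedicated_mgmt_vlan": False,
    "via_jump_server": False,
}
HARDENED = {
    "permitted_sources": ["10.20.0.10/32"],  # the jump server only
    "services": ["ssh", "https", "ping"],
    "dedicated_mgmt_vlan": True,
    "via_jump_server": True,
}

if __name__ == "__main__":
    for name, profile in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_mgmt_access(profile) or "no findings")
```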

The development comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a newly patched critical security vulnerability affecting Palo Alto Networks’ Expedition to its Known Exploited Vulnerabilities (KEV) catalog, following confirmation of active exploitation.

The newly discovered vulnerability, designated as CVE-2024-5910 with a CVSS score of 9.3, stems from missing authentication in the Expedition migration tool. This weakness could enable attackers to take control of an administrative account and gain unauthorized access to sensitive information.

While it is currently not known how the issue is being exploited in the wild, federal agencies are advised to apply the necessary patches by November 28, 2024, to safeguard their networks against potential threats.
