Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool

Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool

July 11, 2024 at 06:54AM

Palo Alto Networks released patches for critical, high, and medium-severity vulnerabilities, including an authentication flaw in Expedition migration tool and an arbitrary file upload issue in Panorama software. The firm also addressed security defects in Cortex XDR agent and PAN-OS software, as well as a vulnerability impacting PAN-OS firewalls. Fixes for these issues have been provided, and more details are available on Palo Alto Networks’ security advisories page.

From the meeting notes, the following key takeaways can be identified:

1. Palo Alto Networks released patches for multiple vulnerabilities, with one critical-severity bug in its Expedition migration tool (CVE-2024-5910, CVSS score of 9.3), which allowed for the potential takeover of administrative accounts due to a missing authentication for a critical function.

2. In addition, a high-severity arbitrary file upload issue in Panorama software (CVE-2024-5911) was resolved, which could lead to a denial-of-service (DoS) condition for authenticated attackers, causing the Panorama to enter maintenance mode.

3. Patches were also released for medium-severity security defects in Cortex XDR agent and PAN-OS software, addressing vulnerabilities that could allow attackers to run untrusted code on a device and tamper with the physical file system to elevate privileges.

4. Palo Alto Networks also published an advisory regarding the impact of the recently disclosed BlastRADIUS vulnerability on its PAN-OS firewalls configured to use the CHAP or PAP protocols for authentication with a RADIUS server, allowing attackers to bypass authentication and escalate privileges to ‘superuser’.

5. The company has included fixes for the mentioned vulnerabilities in various PAN-OS versions and plans to release fixes for Prisma Access by the end of the month.

6. Palo Alto Networks stated that it is not aware of any of these vulnerabilities being exploited in the wild.

For further details and updates on these vulnerabilities and their corresponding patches, it is recommended to visit Palo Alto Networks’ security advisories page.

Full Article