Palo Alto Networks warns of firewall hijack bugs with public exploit

October 9, 2024 at 03:03PM

Palo Alto Networks urged customers to patch critical vulnerabilities in Expedition, its firewall configuration migration tool, which holds credentials for the PAN-OS firewalls it processes and could therefore let attackers hijack those firewalls and read sensitive data. The flaws include command injection, reflected XSS, and SQL injection, and proof-of-concept exploit code is publicly available. Users should upgrade to Expedition 1.2.96 or later and then rotate all Expedition and firewall credentials.

### Meeting Takeaways

1. **Security Vulnerabilities in PAN-OS Firewalls:**
– Palo Alto Networks issued a warning about vulnerabilities in their Expedition solution that could be exploited to compromise PAN-OS firewalls.

2. **Nature of Vulnerabilities:**
– The identified flaws allow access to sensitive data, including user credentials, and can lead to the takeover of firewall administrator accounts.

3. **Types of Vulnerabilities:**
– The vulnerabilities include:
  – Command injection
  – Reflected cross-site scripting (XSS)
  – Cleartext storage of sensitive information
  – Missing authentication
  – SQL injection

4. **Proof of Concept:**
– Researcher Zach Hanley published a proof-of-concept exploit that demonstrates chaining specific vulnerabilities to achieve unauthorized command execution on vulnerable systems.

5. **No In-the-Wild Exploitation Reported:**
– At the time of the advisory, Palo Alto Networks was not aware of these vulnerabilities being exploited in active attacks, despite the public proof-of-concept.

6. **Recommended Actions:**
– Customers are advised to upgrade to Expedition version 1.2.96 or later.
– Following the upgrade, it’s critical to rotate all Expedition usernames, passwords, and API keys, as well as those for any firewalls processed by Expedition.

7. **Interim Security Measures:**
– Until the upgrade can be applied, administrators should restrict network access to the Expedition host to authorized users, hosts, or networks only.

8. **Prior Vulnerability Context:**
– This communication follows a previous disclosure regarding a critical vulnerability (CVE-2024-5910) that allowed credential resets, which was disclosed and patched in July.

9. **Historical Note:**
– In April, the company patched a critical zero-day vulnerability that was being exploited by state-backed threat actors.

### Action Items:
– **For all affected customers:** Prioritize upgrading Expedition software and rotate credentials as stated.
– **For IT teams:** Implement access restrictions if an immediate upgrade is not feasible.
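The interim measure above (restrict who can reach Expedition until it is patched) is the one step that does not depend on a vendor release, so here is a worked example of it. This is an added example, not code from the advisory or from Palo Alto Networks: a POSIX shell script that generates an iptables ruleset confining an Expedition host's management ports to an allowlist of admin networks. It assumes the Expedition web UI listens on TCP/443 and the host is administered over SSH on TCP/22; the admin CIDRs in `main` are constructed placeholders to replace with your own.

```shell
#!/bin/sh
# Generate an iptables ruleset that restricts an Expedition host's management
# ports to an allowlist of admin networks. Assumptions (not from the advisory):
# the Expedition web UI listens on TCP/443 and the host is administered over
# SSH on TCP/22. The admin networks used in main() are constructed placeholders.
set -eu

# Print rules in iptables-restore format. $1: space-separated TCP ports,
# $2: space-separated source CIDRs allowed to reach those ports. Any other
# source hitting those ports is logged (rate-limited) and dropped; traffic to
# other ports is left to the INPUT chain's existing policy.
expedition_allowlist_rules() {
    ports="$1"
    cidrs="$2"
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':EXPEDITION_ADMIN - [0:0]'
    # Established sessions stay up, so loading the rules from an SSH session
    # whose source is on the allowlist does not cut that session off.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    for port in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j EXPEDITION_ADMIN"
    done
    for cidr in $cidrs; do
        printf '%s\n' "-A EXPEDITION_ADMIN -s $cidr -j ACCEPT"
    done
    printf '%s\n' '-A EXPEDITION_ADMIN -m limit --limit 5/min -j LOG --log-prefix "expedition-denied: "'
    printf '%s\n' '-A EXPEDITION_ADMIN -j DROP'
    printf '%s\n' 'COMMIT'
}

# Number of allowlisted sources in the generated ruleset. Used as a guard:
# an empty allowlist would lock every admin out of the host.
count_allowed_sources() {
    expedition_allowlist_rules "$1" "$2" | grep -c '^-A EXPEDITION_ADMIN -s .* -j ACCEPT$' || true
}

# Returns 0 if the last rule in the admin chain is the catch-all DROP, i.e.
# the allowlist really is default-deny for the protected ports.
ends_with_drop() {
    last=$(expedition_allowlist_rules "$1" "$2" | grep '^-A EXPEDITION_ADMIN' | tail -n 1)
    [ "$last" = "-A EXPEDITION_ADMIN -j DROP" ]
}

# Print the ruleset for review; refuse to produce a ruleset with no admins.
main() {
    ports="443 22"
    admins="10.20.30.0/24 192.0.2.10/32"   # constructed placeholders, replace
    if [ "$(count_allowed_sources "$ports" "$admins")" -eq 0 ]; then
        echo "refusing to generate rules: empty allowlist" >&2
        return 1
    fi
    ends_with_drop "$ports" "$admins"
    expedition_allowlist_rules "$ports" "$admins"
}

main
```

Review the printed ruleset, then load it with `./expedition_allowlist.sh | sudo iptables-restore` (the script name is an assumption). Note that `iptables-restore` replaces the whole filter table, so merge these rules with any existing host rules first, and persist them with your distribution's usual mechanism (for example `netfilter-persistent` on Ubuntu) so they survive a reboot. This limits exposure of the missing-authentication and injection flaws to hosts you already trust; it is a stopgap, not a substitute for upgrading to 1.2.96 and rotating credentials.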