Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks recently released security updates to fix five security vulnerabilities affecting its products, with one critical bug that could result in an authentication bypass.

Tracked as CVE-2024-5910 (CVSS score: 9.3), the vulnerability is a missing-authentication issue in the Expedition migration tool that could lead to the takeover of an admin account.

The company stated in an advisory that “Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.”

All versions of Expedition before 1.2.92 are affected by this flaw, which was discovered and reported by Brian Hysell of the Synopsys Cybersecurity Research Center.

Although there have been no reports of exploitation in the wild, users are urged to update to the latest version as a precaution against potential threats. Additionally, Palo Alto Networks recommends restricting network access to Expedition to authorized users, hosts, or networks.

Furthermore, Palo Alto Networks has addressed a newly disclosed vulnerability in the RADIUS protocol dubbed BlastRADIUS (CVE-2024-3596), which could enable an attacker with the ability to perform an adversary-in-the-middle (AitM) attack between a PAN-OS firewall and a RADIUS server to bypass authentication.

The affected products include PAN-OS versions 11.1, 11.0, 10.2, 10.1, and 9.1, as well as Prisma Access. A fix for Prisma Access is expected to be released on July 30.

The company also advised against using CHAP or PAP unless they are encapsulated in an encrypted tunnel, since neither authentication protocol provides Transport Layer Security (TLS) on its own; both are safe to use inside a TLS tunnel.

Notably, PAN-OS firewalls configured with EAP-TTLS using PAP as the authentication protocol for a RADIUS server are not vulnerable to this attack.
