Palo Alto Networks has issued security updates to fix five vulnerabilities in its products, including a critical flaw that could enable an authentication bypass.
The critical vulnerability, identified as CVE-2024-5910 (CVSS score: 9.3), involves missing authentication in the Expedition migration tool, potentially allowing an admin account takeover. “Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition,” the company stated in an advisory. “Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.”
The flaw affects all versions of Expedition before 1.2.92, which addresses the problem. Brian Hysell from Synopsys Cybersecurity Research Center (CyRC) discovered and reported the issue.
Although there is no evidence of the vulnerability being exploited in the wild, users are advised to update to the latest version to protect against potential threats. As a workaround, Palo Alto Networks recommends restricting network access to Expedition to authorized users, hosts, or networks.
Additionally, the company has fixed a newly disclosed flaw in the RADIUS protocol itself, called BlastRADIUS (CVE-2024-3596). An attacker positioned as an adversary-in-the-middle (AitM) between a PAN-OS firewall and its RADIUS server could exploit it to bypass authentication and escalate privileges to "superuser" when RADIUS authentication is in use with either CHAP or PAP selected in the RADIUS server profile.
The following PAN-OS and Prisma Access versions are affected by CVE-2024-3596:
– PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
– PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
– PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
– PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
– PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
– Prisma Access (all versions, fix expected on July 30)
The company advises against using CHAP or PAP unless they are encapsulated in an encrypted tunnel, because neither protocol provides Transport Layer Security (TLS) on its own. Consistent with that, PAN-OS firewalls configured to use EAP-TTLS with PAP as the authentication protocol for a RADIUS server are not susceptible to this attack, since EAP-TTLS wraps the PAP exchange inside a TLS tunnel.
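To make concrete what the AitM position buys an attacker in the BlastRADIUS scenario described above, the following is an added example (written for this page; it is not Palo Alto Networks' code nor any real RADIUS implementation) that builds and verifies RADIUS Access-Accept/Reject packets using the wire formats from RFC 2865 and RFC 2869. It goes slightly beyond the article: it shows the two integrity checks a RADIUS client can apply to a server response. The Response Authenticator is an unkeyed MD5 over attacker-influenced bytes, which is what BlastRADIUS defeats with an MD5 chosen-prefix collision, while the Message-Authenticator attribute is an HMAC-MD5 keyed with the shared secret and cannot be forged that way; requiring it is the general remediation published with the BlastRADIUS disclosure. The shared secret, request authenticator, identifiers and attribute values are constructed for the example, and `simulate_collision_forgery` stands in for the collision rather than performing one.

```python
import hashlib
import hmac
import struct

# Constructed example values (not from any real deployment).
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))      # stands in for the Access-Request's random authenticator

CODE_ACCESS_ACCEPT, CODE_ACCESS_REJECT, CODE_ACCESS_CHALLENGE = 2, 3, 11
ATTR_REPLY_MESSAGE = 18
ATTR_MESSAGE_AUTHENTICATOR = 80      # RFC 2869 s5.14, HMAC-MD5 keyed with the shared secret


def build_attrs(attrs):
    """Serialise (type, value) pairs as RFC 2865 TLVs: Type(1) Length(1) Value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def parse_attrs(data):
    """Parse RFC 2865 TLVs, rejecting truncated or zero-length attributes."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def response_authenticator(code, ident, attrs_bytes, request_auth, secret):
    """RFC 2865 s3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).
    Unkeyed MD5 over attacker-influenced bytes is what BlastRADIUS collides."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def message_authenticator(code, ident, attrs, request_auth, secret):
    """HMAC-MD5 over the packet with the Authenticator field set to the Request
    Authenticator and the Message-Authenticator value zeroed (RFC 2869 s5.14)."""
    zeroed = build_attrs([(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    header = struct.pack("!BBH", code, ident, 20 + len(zeroed))
    return hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()


def build_response(code, ident, attrs, request_auth, secret, with_msg_auth):
    """Server side: emit an Access-Accept/Reject, optionally with Message-Authenticator first."""
    if with_msg_auth:
        attrs = [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))] + list(attrs)
        attrs[0] = (ATTR_MESSAGE_AUTHENTICATOR, message_authenticator(code, ident, attrs, request_auth, secret))
    attrs_bytes = build_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return header + response_authenticator(code, ident, attrs_bytes, request_auth, secret) + attrs_bytes


def verify_response(pkt, request_auth, secret, require_msg_auth):
    """Client (NAS/firewall) side. Returns (accepted, reason). require_msg_auth=True is
    the hardened policy; False is the legacy behaviour that BlastRADIUS exploits."""
    if len(pkt) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or code not in (CODE_ACCESS_ACCEPT, CODE_ACCESS_REJECT, CODE_ACCESS_CHALLENGE):
        return False, "bad length or code"
    attrs_bytes = pkt[20:]
    if not hmac.compare_digest(response_authenticator(code, ident, attrs_bytes, request_auth, secret), pkt[4:20]):
        return False, "bad Response Authenticator"
    try:
        attrs = parse_attrs(attrs_bytes)
    except ValueError as e:
        return False, str(e)
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        if require_msg_auth:
            return False, "Message-Authenticator missing"
        return True, "accepted on Response Authenticator alone (forgeable)"
    if len(macs) != 1 or len(macs[0]) != 16:
        return False, "malformed Message-Authenticator"
    if not hmac.compare_digest(message_authenticator(code, ident, attrs, request_auth, secret), macs[0]):
        return False, "bad Message-Authenticator"
    return True, "Message-Authenticator verified"


def simulate_collision_forgery(pkt, new_code, request_auth, secret):
    """Stand-in for the AitM attacker: flip the Code byte (Reject -> Accept) while keeping
    the Response Authenticator check passing. A real attacker has no secret and reaches the
    same outcome with an MD5 chosen-prefix collision; here the digest is simply recomputed
    so the verifier's behaviour after a successful collision can be observed."""
    ident, attrs_bytes = pkt[1], pkt[20:]
    header = bytes([new_code]) + pkt[1:4]
    return header + response_authenticator(new_code, ident, attrs_bytes, request_auth, secret) + attrs_bytes


if __name__ == "__main__":
    reject = build_response(CODE_ACCESS_REJECT, 7, [(ATTR_REPLY_MESSAGE, b"denied")], REQUEST_AUTH, SECRET, False)
    forged = simulate_collision_forgery(reject, CODE_ACCESS_ACCEPT, REQUEST_AUTH, SECRET)
    print("legacy  :", verify_response(forged, REQUEST_AUTH, SECRET, False))
    print("hardened:", verify_response(forged, REQUEST_AUTH, SECRET, True))
    signed = build_response(CODE_ACCESS_REJECT, 8, [], REQUEST_AUTH, SECRET, True)
    forged2 = simulate_collision_forgery(signed, CODE_ACCESS_ACCEPT, REQUEST_AUTH, SECRET)
    print("signed+forged:", verify_response(forged2, REQUEST_AUTH, SECRET, True))
```

The legacy verifier accepts the forged Access-Accept because the only thing it checks is the colliding MD5 digest; the hardened verifier rejects it either because the Message-Authenticator is absent or, when the server did sign the original Reject, because the HMAC no longer matches the rewritten Code byte. Note that the HMAC only protects the exchange between firewall and RADIUS server; it does nothing for the user password itself, which is why the advisory still steers away from bare PAP and CHAP outside an encrypted tunnel such as EAP-TTLS.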