Security News > 2020 > September > Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls
Palo Alto Networks remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools.
Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.
If a potential victim authorizes in the administrator panel and clicks a specially crafted malicious link, attackers will be able to perform any actions on behalf of this user in the context of the Palo Alto application, spoof pages, and develop attacks.
The attack can be conducted from the Internet, but if the administrator panel is located inside, attackers will have to know its address inside the network.
The exception is some basic commands; however, attackers can inject any OS commands using insufficient filtering of user data.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/0CIB0vNE0ds/
Related news
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified (source)