Security News > 2020 > September > Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls
Palo Alto Networks has remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data, or to extend the attack and reach the internal network segments of a company that uses the vulnerable protection tools.
Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, brute-force the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.
If a potential victim is logged in to the administrator panel and clicks a specially crafted malicious link, attackers will be able to perform any actions on behalf of this user in the context of the Palo Alto application, spoof pages, and extend the attack.
The attack can be conducted from the Internet, but if the administrator panel is located inside the network, attackers will have to know its internal address.
The exception is some basic commands; however, attackers can inject any OS commands by exploiting insufficient filtering of user data.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/0CIB0vNE0ds/