Security News > 2021 > November > Massive Zero Day Hole Found in Palo Alto Security Appliances

Researchers have developed a working exploit to gain remote code execution via a massive vulnerability in a security appliance from Palo Alto Networks, potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet.

The Randori Attack Team found the zero day a year ago, developed a working exploit and used it against Randori customers over the past year.

"On devices with ASLR enabled, exploitation is difficult but possible. On virtualized devices, exploitation is significantly easier due to lack of ASLR and Randori expects public exploits will surface." When it comes to certain hard device versions with MIPS-based management plane CPUs, Randori researchers haven't exploited the buffer overflow to achieve controlled code execution, they said, "Due to their big endian architecture." But they noted that "The overflow is reachable on these devices and can be exploited to limit availability of services."

Randori CTO David "Moose" Wolpoff has written for Threatpost, explaining why he loves breaking into security appliances and VPNs: After all, they present one convenient lock for attackers to pick, and then presto, they can invade an enterprise.

If you don't use the GlobalProtect VPN portion of the Palo Alto firewall, disable it.

Randori pointed out that Wolpoff has blogged about why zero-days are essential to security, and the Palo Alto Networks zero day is a prime example.

News URL

https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/