
A vulnerability identified as CVE-2024-5910 has been disclosed by Palo Alto. With a CVSS score of 9.3, this vulnerability can lead to authentication bypass, enabling attackers to manipulate network configurations and launch further attacks. Read this Cybersecurity Threat Advisory for recommendations to limit your company’s risks.

What is the threat?

CVE-2024-5910 is a critical vulnerability stemming from a design flaw in the Expedition migration tool. The design flaw consists of a missing authentication mechanism, allowing an attacker to exploit the tool without valid credentials. By sending crafted requests to the Expedition tool, an attacker can bypass the normal authentication checks and gain access with the same privileges as an administrator.

In addition to CVE-2024-5910, several other vulnerabilities have been identified in Palo Alto Networks firewalls that allow for remote code execution. These vulnerabilities typically involve improper input validation or other flaws that can be leveraged to execute arbitrary commands on affected devices. For example, an attacker could craft a malicious payload that exploits a vulnerability in the way the firewall processes specific requests. Upon successful exploitation, attackers can execute any command with the privileges of the device’s operating system.

Why is this noteworthy?

Because the vulnerabilities allow bad actors to bypass authentication and take over administrative accounts, they pose a substantial risk to organizations using Palo Alto Expedition and firewalls. Successful exploitation gives attackers the ability to manipulate firewall configurations, cause data breaches, or cause service disruptions. Additionally, because exploits are publicly available, the barrier to entry is lower for less sophisticated attackers, which amplifies the risk and makes it critical for organizations to act swiftly to mitigate these threats.

What is the exposure or risk?

The exposure from these vulnerabilities is significant, particularly for organizations that rely heavily on Palo Alto Networks products for their network security. If left unpatched, the vulnerabilities can lead to unauthorized access, compromise of sensitive data, and manipulation of critical network configurations. The potential for data breaches and operational disruptions poses not only financial risks but also reputational damage. Organizations may face regulatory scrutiny and compliance issues if they fail to adequately protect their networks, making timely remediation essential.

What are the recommendations?

Barracuda recommends the following actions to protect your environment against this vulnerability:

  • Apply the latest security updates released by Palo Alto Networks to address the identified vulnerabilities.
  • Review and enhance access control measures for network administration tools. Ensure that only authorized personnel have access to critical systems.
  • Implement robust monitoring and logging solutions, such as Barracuda XDR Network Security, to detect any unauthorized access attempts or anomalous behavior in network configurations.
  • Conduct regular security assessments and penetration testing to identify and remediate vulnerabilities in network configurations and devices proactively.

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Vincent Yu

Vincent is a Cybersecurity Analyst at Barracuda. He's a security expert, working on our Blue Team within our Security Operations Center. Vincent supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
