Palo Alto Networks PAN-OS RCE Vulnerability (CVE-2024-5910)

Palo Alto Networks has issued an urgent advisory to its customers, highlighting a potential remote code execution (RCE) vulnerability within the PAN-OS management interface. The cybersecurity firm advises organisations to secure access to this interface to mitigate potential risks.

The advisory follows claims of a new RCE vulnerability targeting the PAN-OS management interface. While the specifics of the alleged vulnerability remain undisclosed, Palo Alto Networks is proactively monitoring for signs of exploitation. To date, there is no evidence of a zero-day exploit in the wild. The advisory also notes that Prisma Access and cloud Next-Generation Firewall (NGFW) products are not believed to be affected by this potential vulnerability.

This development comes shortly after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw affecting Palo Alto Networks’ Expedition tool to its Known Exploited Vulnerabilities (KEV) catalogue, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910, was patched in July; however, technical details have been publicly available since early October, raising concerns about potential attacks.

While Palo Alto Networks has not fully disclosed technical details about the alleged PAN-OS management interface vulnerability, in general, remote code execution (RCE) vulnerabilities allow attackers to execute arbitrary code on a targeted system from a remote location. Here’s how an attacker might theoretically exploit such a vulnerability, assuming it affects the PAN-OS management interface as described:

Direct Access to the Management Interface

If the PAN-OS management interface is accessible over the internet, an attacker might attempt to exploit the RCE vulnerability by sending maliciously crafted requests to this interface. By gaining access to the management interface, attackers could exploit weak points in the code execution process, potentially leading to unauthorised control over the firewall or network security setup.

Executing Malicious Code

Once access is achieved, an attacker could execute commands as if they were an authorised administrator. This can potentially include modifying firewall rules, changing security configurations, or installing malware within the network environment.

Pivoting and Lateral Movement

After gaining a foothold, an attacker could use this access to move laterally through the network, exploiting other connected systems. This would be especially damaging for organisations that use Palo Alto firewalls as a central point of network defence.

Data Exfiltration and Network Surveillance

With elevated privileges, an attacker could monitor network traffic and gain access to sensitive data. They might also be able to siphon data out of the network or install software that allows them ongoing surveillance and control.

Disruption and Manipulation of Network Security

Attackers could alter firewall policies, disrupt network segments, or disable security protocols, making the organisation more vulnerable to further attacks.

Remediation Advice

Palo Alto recommends that customers configure access to the management interface according to best practice deployment guidelines. Specifically, it advises ensuring that access is restricted to trusted internal IP addresses and not exposed to the internet. This measure is expected to mitigate the risk, irrespective of the vulnerability’s nature.

To mitigate the potential risks associated with this PAN-OS vulnerability, organisations using Palo Alto Networks devices should adopt several key security measures to protect their networks and sensitive data. The following steps can be taken to limit exposure and secure the management interface:

Restrict Access to the Management Interface

• Limit access to the PAN-OS management interface by configuring firewall rules to only allow trusted internal IP addresses or specific network segments.

• Disable public internet access to the management interface entirely to reduce the risk of exploitation by external attackers.

Enable Multi-Factor Authentication (MFA)

• Implement MFA for all administrator accounts on the PAN-OS system to add an additional layer of security. Even if an attacker gains credentials, MFA can prevent unauthorised access.

• MFA helps protect against credential theft and phishing attacks, both common entry points in exploitation scenarios.

Review and Update Firewall Rules

• Regularly audit firewall rules and permissions to ensure that no unnecessary permissions or open access points exist.

• Ensure that only essential services are accessible and that all unused ports and protocols are disabled.
Install Security Updates and Patches

• Regularly check for and promptly apply security patches and updates released by Palo Alto Networks, as these address known vulnerabilities.

• If a specific patch for this issue is released, apply it as soon as possible to mitigate the risk directly.

Perform Regular Penetration Testing

• It is crucial that organisations perform an external penetration test on a regular basis to identify whether management interfaces are unknowingly exposed to the Internet.

• Organisations should also consider performing a monthly or quarterly network vulnerability assessment of their Internet-exposed services to identify newly discovered vulnerabilities that may be present.

Monitor Network Traffic for Unusual Activity

• Enable logging and closely monitor network traffic for any signs of suspicious activity, especially around the management interface.

• Set up alerts for unusual login attempts, configuration changes, or any unauthorised access attempts.

Use a VPN for Remote Access

• Require administrators to access the management interface through a secure VPN rather than directly over the internet, further restricting access to authorised personnel.

• A VPN adds an additional security layer, preventing attackers from reaching the interface without first breaching the VPN gateway.

Apply the Principle of Least Privilege (PoLP)

• Limit permissions for all users, granting only the access necessary to perform their roles. Restrict administrative privileges to only essential users.

• Review and update user permissions regularly to prevent privilege creep, which could expose the system to greater risk in the event of an exploit.

Disable Unnecessary Services and Features

• If the management interface has services or features that are not actively required, disable them. Reducing functionality limits the attack surface available to exploit attempts.

Network Segregation

• Use network segregation to isolate the PAN-OS management interface from critical systems and sensitive data. Proper segregation limits the impact of a breach, preventing attackers from moving laterally across the network.

• Once firewall rules have been implemented, conduct a Network Segregation Test to ensure that the firewall rules are effective at creating network segments that cannot be easily bypassed.

Backup and Disaster Recovery Planning

• Regularly back up configurations and ensure a recovery plan is in place. In the event of an attack, having secure backups enables rapid restoration of network configurations and limits downtime.
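As an added illustration of the "Restrict Access to the Management Interface" and "Monitor Network Traffic for Unusual Activity" measures above (example code written for this article, not from Palo Alto Networks' advisory or its products), the following Python script audits a management-interface allow-list against trusted internal ranges and flags management logins whose source address lies outside that allow-list. The trusted networks, the allow-list entries and the log lines are constructed sample values, and the simple CSV log shape is an assumption rather than the real PAN-OS log format.

```python
import ipaddress

# Constructed sample values (assumptions, not from the advisory): the internal
# networks from which administrators are meant to reach the management interface.
TRUSTED_MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.50.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_permitted_ips(permitted):
    """Flag allow-list entries (IPv4) that expose the management interface beyond
    the trusted internal ranges. Returns a list of (entry, reason) tuples."""
    findings = []
    for entry in permitted:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 4:
            findings.append((entry, "IPv6 entry, review manually"))
        elif net.prefixlen == 0:
            findings.append((entry, "allows any source address"))
        elif not any(net.subnet_of(r) for r in RFC1918):
            findings.append((entry, "outside RFC 1918 private space"))
        elif not any(net.subnet_of(t) for t in TRUSTED_MGMT_NETS):
            findings.append((entry, "not contained in a trusted management network"))
    return findings

# Constructed management-login events in a simple CSV shape (an assumption, not
# the real PAN-OS log format): timestamp,source_ip,user,result
SAMPLE_LOGINS = """\
2024-11-08T09:12:01,10.10.0.15,admin,success
2024-11-08T09:12:40,203.0.113.77,admin,failed
2024-11-08T09:12:41,203.0.113.77,admin,failed
2024-11-08T09:12:43,203.0.113.77,admin,success
2024-11-08T09:20:00,192.168.50.3,netops,success
"""

def flag_mgmt_logins(log_text, permitted):
    """Return (timestamp, source_ip, user, result) for each management login whose
    source lies outside the allow-list; a success from such a source most needs an alert."""
    nets = [ipaddress.ip_network(p, strict=False) for p in permitted]
    alerts = []
    for line in log_text.splitlines():
        ts, src, user, result = line.strip().split(",")
        if not any(ipaddress.ip_address(src) in n for n in nets):
            alerts.append((ts, src, user, result))
    return alerts

if __name__ == "__main__":
    for entry, reason in audit_permitted_ips(["10.10.0.0/24", "0.0.0.0/0", "203.0.113.0/24", "172.16.0.0/12"]):
        print(f"allow-list entry {entry}: {reason}")
    for ts, src, user, result in flag_mgmt_logins(SAMPLE_LOGINS, ["10.10.0.0/24", "192.168.50.0/24"]):
        print(f"{ts} {user}@{src} {result}: login from outside the permitted list")
```

The RFC 1918 check deliberately does not use the library's is_private flag, which also counts documentation ranges such as 203.0.113.0/24 as private and would hide exactly the kind of entry an external exposure check should catch.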

By implementing these strategies, organisations can significantly reduce the risk posed by this potential vulnerability, securing both the management interface and the broader network.
