Palo Alto Networks warns users of dangerous security threat affecting firewalls

Palo Alto Networks says it’s aware of claims of flaws in the firewalls
Company is advising users to be extra cautious and tighten up on security
A patch will be deployed when more details about the bug are found

Palo Alto Networks has revealed it was recently made aware of an alleged vulnerability in its firewall offering which could allow threat actors to remotely execute malicious code.

Since it doesn’t know the details of the flaw, and is yet to see any evidence of in-the-wild abuse, the company says it doesn’t have a patch lined up just yet, but said it was “aware of a claim” of a remote code execution vulnerability in the PAN-OS management interface and has, as a result, started actively monitoring for signs of exploitation.

In the meantime, Palo Alto Networks has advised its users to be extra cautious, noting: “At this time we believe devices whose access to the Management Interface is not secured as per our recommended best practice deployment guidelines are at increased risk.”

Mitigating the problem

“In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice,” the company added.

BleepingComputer found a separate document on Palo Alto Networks’ community website, with additional information on how to secure the firewalls:

Isolate the management interface on a dedicated management VLAN.
Use jump servers to access the mgt IP. Users authenticate and connect to the jump server before logging in to the firewall/Panorama.
Limit inbound IP addresses to your mgt interface to approved management devices. This will reduce the attack surface by preventing access from unexpected IP addresses and prevents access using stolen credentials.
Only permit secured communication such as SSH, HTTPS.
Only allow PING for testing connectivity to the interface.

At the moment, Cortex Xpanse and Cortex XSIAM users seem to be the most vulnerable ones. Prisma Access and cloud NGFW are most likely not affected.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/aUnasGQ8hmeK7522DmUfQh-1200-80.jpg

Source link

The promise of 5G for easing the pressure on the stretched public sector

This Keurig coffee maker just dropped to a super-cheap price for Black Friday

The 3 best cheap air fryer deals in Ninja’s official Black Friday sale

Why 2025 will be the year of the AI smart glasses

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Palo Alto Networks warns users of dangerous security threat affecting firewalls

The promise of 5G for easing the pressure on the stretched public sector

This Keurig coffee maker just dropped to a super-cheap price for Black Friday

The 3 best cheap air fryer deals in Ninja’s official Black Friday sale

Why 2025 will be the year of the AI smart glasses

Leave a reply Cancel reply