Palo Alto Networks on Friday issued an informational advisory urging prospects to make sure that entry to the PAN-OS administration interface is secured due to a possible distant code execution vulnerability.
“Palo Alto Networks is conscious of a declare of a distant code execution vulnerability through the PAN-OS administration interface,” the corporate stated. “Presently, we have no idea the specifics of the claimed vulnerability. We’re actively monitoring for indicators of any exploitation.”
Within the interim, the community security vendor has really helpful that customers appropriately configure the administration interface in step with the very best practices, and guarantee that entry to it’s doable solely through trusted inner IPs to restrict the assault floor.
It goes with out saying that the administration interface shouldn’t be uncovered to the Web. Among the different tips to scale back publicity are listed beneath –
- Isolate the administration interface on a devoted administration VLAN
- Use leap servers to entry the administration IP
- Restrict inbound IP addresses to the administration interface to accredited administration units
- Solely allow secured communication equivalent to SSH, HTTPS
- Solely permit PING for testing connectivity to the interface
The event comes a day after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added a now-patched crucial security flaw impacting Palo Alto Networks Expedition to its Identified Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS rating: 9.3), pertains to a case of lacking authentication within the Expedition migration software that might result in an admin account takeover, and probably acquire entry to delicate information.
Whereas it is at the moment not identified the way it’s being exploited within the wild, federal businesses have been suggested to use the required fixes by November 28, 2024, to safe their networks in opposition to the menace.
