Palo Alto Networks PAN-OS: OS Command Injection Vulnerability in GlobalProtect

Description: A critical command injection vulnerability has been discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability affects specific PAN-OS versions and configurations, allowing unauthenticated attackers to execute arbitrary code with root privileges on the firewall. Notably, Cloud NGFW, Panorama appliances, and Prisma Access are not impacted.

Affected Versions:

  • PAN-OS 11.1: < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3
  • PAN-OS 11.0: < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1
  • PAN-OS 10.2: < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1

Solution:

  • Upgrade to a fixed version: PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, or later.
  • Apply the hotfixes for other commonly deployed maintenance releases.

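As an added example (not from the advisory and not Palo Alto Networks code), the following Python transcribes the affected and fixed builds listed above into a small triage check for a device inventory. It assumes version strings of the form `major.minor.maint` with an optional `-hN` hotfix suffix, treats a missing suffix as h0, and gives no verdict for maintenance releases the advisory text does not list.

```python
import re

# First fixed hotfix per maintenance release, transcribed from the lists above:
# every build of that maintenance release with a lower hotfix number is affected.
FIXED_HOTFIX = {
    (11, 1, 0): 3, (11, 1, 1): 1, (11, 1, 2): 3,
    (11, 0, 2): 4, (11, 0, 3): 10, (11, 0, 4): 1,
    (10, 2, 5): 6, (10, 2, 6): 3, (10, 2, 7): 8, (10, 2, 8): 3, (10, 2, 9): 1,
}
AFFECTED_TRAINS = {key[:2] for key in FIXED_HOTFIX}

# Assumed version format: major.minor.maint with an optional -hN hotfix suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split '10.2.7-h8' into (10, 2, 7, 8); a missing hotfix suffix counts as h0."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def assess(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one PAN-OS version string."""
    major, minor, maint, hotfix = parse_version(text)
    if (major, minor) not in AFFECTED_TRAINS:
        return "unknown"          # trains the advisory text does not list (e.g. 10.1)
    key = (major, minor, maint)
    if key in FIXED_HOTFIX:
        return "vulnerable" if hotfix < FIXED_HOTFIX[key] else "fixed"
    # Maintenance release in an affected train but not listed: anything newer than the
    # last listed fixed release is covered by "or later"; older ones get no verdict here.
    newest_listed = max(k[2] for k in FIXED_HOTFIX if k[:2] == (major, minor))
    return "fixed" if maint > newest_listed else "unknown"


def triage(inventory):
    """Map each (hostname, version) pair from an inventory to its verdict."""
    return {host: assess(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("fw-edge-01", "10.2.7-h5"), ("fw-edge-02", "11.1.2-h3"),
              ("fw-dc-01", "11.0.3"), ("fw-lab-01", "10.1.9")]
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

An "unknown" verdict means the page gives no data for that release, so it should be checked against the vendor advisory rather than assumed safe.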

Exploitation Status:

  • An increasing number of attacks leverage this vulnerability.
  • Proof-of-concept exploits have been publicly disclosed by third parties.


Weakness Type: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Recommended Mitigations:

  • Use the Threat Prevention subscription to block attacks (Threat IDs: 95187, 95189, 95191).
  • Ensure the vulnerability protection profile is applied to GlobalProtect interfaces.
  • Disabling device telemetry is no longer an effective mitigation.


Additional Information:

  • Threat brief: Unit 42 threat brief
  • Detection: Check device logs for indicators of exploit activity.
  • Investigation: Open a case in the Customer Support Portal for a device compromise assessment.


Acknowledgments: Palo Alto Networks acknowledges Volexity for detecting and identifying this issue.

FAQ:

  • Exploitation: An increasing number of attacks has been reported.
  • Indicator Checks: Use the provided command from the PAN-OS CLI.
  • Compromise Assessment: Upload a technical support file for investigation.
  • Additional Indicators: Refer to the Unit 42 Threat Brief and the Volexity blog post.


Impact: While Cloud NGFW firewalls are not impacted, specific PAN-OS versions and configurations deployed in the cloud are affected.

This vulnerability poses a significant risk to affected systems and requires immediate attention to mitigate potential exploitation and compromise.

Aurora_Feniks

I have extensive experience working on various projects within the IT field, which has provided me with a comprehensive understanding of all areas related to information technology. My expertise in cyber security and my hands-on experience with current scenarios have given me a well-rounded perspective on security issues.
