Critical Alert: PAN-OS Vulnerabilities Allow Authentication Bypass and Code Execution
- Internology Soluções em Marketing
- Dec 19, 2025
Palo Alto Networks firewalls are facing critical security threats due to newly discovered vulnerabilities in their PAN-OS software. These flaws could allow unauthenticated attackers to bypass security measures, gain administrator privileges, and execute arbitrary code, potentially leading to severe data breaches and system compromise. Organizations are urged to update their systems immediately.

Key Takeaways
- Critical vulnerabilities (CVE-2024-3400, CVE-2024-0012, CVE-2024-9474) affect multiple PAN-OS versions.
- Exploitation can lead to authentication bypass and arbitrary code execution with root privileges.
- Palo Alto Networks is aware of limited attacks exploiting these vulnerabilities.
- Urgent patching and security best practices are recommended.
Critical Vulnerabilities Uncovered in PAN-OS
Multiple security vulnerabilities have been identified in Palo Alto Networks' PAN-OS software, the operating system for its next-generation firewalls. The most severe of these flaws, including CVE-2024-3400, CVE-2024-0012, and CVE-2024-9474, could allow unauthenticated attackers to bypass authentication and gain administrator privileges. This level of access enables attackers to install malicious software; view, modify, or delete sensitive data; and create new user accounts with full administrative rights.
Exploitation and Impact
CVE-2024-3400 is described as a command injection flaw within the GlobalProtect feature. When both the GlobalProtect gateway and device telemetry are enabled on specific PAN-OS versions (10.2, 11.0, and 11.1), an unauthenticated attacker can exploit it to execute arbitrary code with root privileges. Similarly, CVE-2024-0012 allows an unauthenticated attacker with network access to the management web interface to bypass authentication and gain administrator privileges. CVE-2024-9474 allows an administrator to escalate privileges to root.
Palo Alto Networks has confirmed that a limited number of attacks leveraging these vulnerabilities have already been observed. The attacks reportedly originate from IP addresses known to be associated with anonymous VPN services and target device management web interfaces.
Affected Systems and Risk Assessment
The vulnerabilities impact several versions of PAN-OS:
- PAN-OS 11.2 versions prior to 11.2.4-h1
- PAN-OS 11.1 versions prior to 11.1.5-h1
- PAN-OS 11.0 versions prior to 11.0.6-h1
- PAN-OS 10.2 versions prior to 10.2.12-h2
- PAN-OS 10.1 versions prior to 10.1.14-h6
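The following Python sketch is an added example, not code from the original article or from Palo Alto Networks: it checks a firewall inventory against the version list above, comparing maintenance and hotfix numbers numerically. It assumes the builds listed above are the only fixed thresholds and that versions follow the `major.minor.maintenance[-hN]` form; the hostnames and inventory are constructed sample values.

```python
import re

# First fixed build per release train, copied from the list above.
FIXED = {
    "11.2": "11.2.4-h1",
    "11.1": "11.1.5-h1",
    "11.0": "11.0.6-h1",
    "10.2": "10.2.12-h2",
    "10.1": "10.1.14-h6",
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse(version):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    parsed = parse(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "not-listed"  # train absent from the list: consult the vendor advisory
    # Tuple comparison is numeric, so -h10 sorts after -h6 and 10.2.9 before 10.2.12.
    return "affected" if parsed < parse(fixed) else "fixed"


def audit(inventory):
    """Return (host, version, status) rows, sorted so affected devices come first."""
    rows = [(host, ver, status(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (r[2] != "affected", r[0]))


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    sample = {"fw-edge-1": "10.2.9-h11", "fw-edge-2": "11.1.5-h1",
              "fw-dc-1": "10.1.14-h10", "fw-lab": "11.1.5"}
    for host, ver, state in audit(sample):
        print(f"{host:10} {ver:12} {state}")
```

A plain string comparison would misorder builds such as `10.1.14-h10` and `10.1.14-h6`, which is why the version is parsed into integers first.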
Large and medium-sized government entities and businesses are at HIGH risk, while small government entities and businesses are at MEDIUM risk. Home users are considered to be at LOW risk.
Recommended Mitigation and Actions
Organizations using affected PAN-OS versions are strongly advised to apply the provided updates from Palo Alto Networks immediately after thorough testing. Key recommendations include:
- Update PAN-OS: Install the latest patches and updates released by Palo Alto Networks.
- Secure Management Interface: Restrict access to the management web interface to only trusted internal IP addresses.
- Principle of Least Privilege: Ensure all systems and services run with the minimum necessary privileges.
- Vulnerability Management: Establish and maintain a robust vulnerability management process, including regular scanning and timely remediation.
- Execution Prevention: Implement application control and script blocking to prevent unauthorized code execution.
These measures are crucial to protect against potential exploitation and maintain the security posture of critical network infrastructure.
Sources
A Vulnerability in PAN-OS Could Allow for Arbitrary Code Execution, CIS Center for Internet Security.
Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass, CIS Center for Internet Security.