
Palo Alto Networks warns users about dangerous security threat affecting firewalls


  • Palo Alto Networks says it is aware of claims of firewall flaws

  • The company advises users to be very cautious and tighten security

  • A patch will follow once more details about the bug are known


Palo Alto Networks disclosed that it was recently informed of a suspected vulnerability in its firewall offering that could allow threat actors to remotely execute malicious code.

Because it does not know the details of the flaw and has not yet seen any evidence of exploitation in the wild, the company says it does not have a patch lined up yet. It said it was “aware of a claim” of a remote code execution vulnerability in the PAN-OS management interface and, as a result, began actively monitoring for signs of exploitation.

Meanwhile, Palo Alto Networks advised its users to be very cautious, noting: “At this time, we believe that devices whose access to the management interface is not secured according to our best practice implementation recommendations are at increased risk.”

Mitigating the problem

“In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice,” the company added.

BleepingComputer found a separate document on the Palo Alto Networks community site with additional guidance on securing firewalls:

  • Isolate the management interface on a dedicated management VLAN.

  • Use jump servers to access the management IP. Users authenticate and connect to the jump server before connecting to the firewall or Panorama.

  • Limit inbound IP addresses to your management interface to approved management devices. This reduces the attack surface by preventing access from unexpected IP addresses and prevents access using stolen credentials.

  • Allow only secure communications, such as SSH and HTTPS.

  • Allow PING only for testing interface connectivity.
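The list above boils down to two checks per management profile: which source addresses may reach the interface, and which services it exposes. The following script is an added example (not from Palo Alto Networks or BleepingComputer) that applies those checks to a constructed, vendor-neutral representation of management profiles; the `MgmtProfile` structure and the sample entries are assumptions for illustration, not PAN-OS configuration syntax.

```python
import ipaddress
from dataclasses import dataclass

# Services the guidance permits on the management interface. Ping is tolerated
# only for connectivity testing, so it is reported separately.
ALLOWED_SERVICES = {"ssh", "https"}
TEST_ONLY_SERVICES = {"ping"}


@dataclass
class MgmtProfile:
    name: str
    services: set              # service names enabled on the interface
    permitted_sources: list    # CIDR strings; empty means "any source"


def audit_profile(profile):
    """Return a list of findings; an empty list means the profile follows the guidance."""
    findings = []
    if not profile.permitted_sources:
        findings.append("no permitted-ip restriction: reachable from any source")
    for cidr in profile.permitted_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            findings.append(f"permitted source {cidr} allows the whole Internet")
        elif not net.is_private:
            findings.append(f"permitted source {cidr} is not an internal range")
    for svc in sorted(profile.services - ALLOWED_SERVICES - TEST_ONLY_SERVICES):
        findings.append(f"insecure or unneeded service enabled: {svc}")
    if profile.services & TEST_ONLY_SERVICES:
        findings.append("ping enabled: keep only while testing connectivity")
    return findings


def audit(profiles):
    """Map each profile name to its findings."""
    return {p.name: audit_profile(p) for p in profiles}


# Constructed sample profiles; not taken from any real device.
SAMPLE_PROFILES = [
    MgmtProfile("mgmt-hardened", {"ssh", "https"}, ["10.20.30.0/24"]),
    MgmtProfile("mgmt-jump-host", {"ssh", "https", "ping"}, ["10.0.0.5/32"]),
    MgmtProfile("mgmt-exposed", {"ssh", "https", "http", "telnet"}, ["0.0.0.0/0"]),
    MgmtProfile("mgmt-open", {"https"}, []),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PROFILES).items():
        print(f"{name}: {'OK' if not findings else 'REVIEW'}")
        for finding in findings:
            print(f"  - {finding}")
```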

For now, Cortex Xpanse and Cortex XSIAM users appear to be the most vulnerable, while Prisma Access and Cloud NGFW are most likely not affected.

By BleepingComputer
