Palo Alto Networks warns users about dangerous security threat affecting firewalls
patheur

  • Palo Alto Networks says it is aware of reports of a firewall flaw.

  • The company recommends that users be more cautious and tighten security.

  • A patch will be deployed once more details about the bug are found.


Palo Alto Networks has revealed that it recently learned of an alleged vulnerability in its firewall offering that could allow threat actors to execute malicious code remotely.

Since it doesn’t know the details of the flaw and hasn’t yet seen any evidence of abuse, the company doesn’t have a patch ready yet. It said it was “aware of a claim” of a remote code execution vulnerability in the PAN-OS management interface and, as a result, has begun actively monitoring for signs of exploitation.

Meanwhile, Palo Alto Networks has advised its users to be extremely cautious, noting: “At this time, we believe that devices whose access to the management interface is not protected per our recommended best practice deployment guidelines are at increased risk.”

Mitigating the problem

“In particular, we recommend that you ensure that access to the management interface is only possible from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow Palo Alto Networks and industry best practices,” the company added.

BleepingComputer found a separate document on the Palo Alto Networks community website, with additional information on how to secure firewalls:

  • Isolate the management interface in a dedicated management VLAN.

  • Use jump servers to access the management IP. Users authenticate and connect to the jump server before logging into the firewall/Panorama.

  • Limit incoming IP addresses to your management interface to approved management devices. This will reduce the attack surface by preventing access from unexpected IP addresses and preventing access via stolen credentials.

  • Only allow secure communications such as SSH, HTTPS.

  • Allow PING only to test connectivity to the interface.
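
The checks in the list above can be applied to an exported access configuration. The following is an added example, not code from Palo Alto Networks or from this article: the profile dictionaries and their field names are hypothetical (not a PAN-OS schema), the sample data is constructed, and "trusted internal" is assumed to mean RFC 1918 or IPv6 unique-local space.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 or IPv6 unique-local ranges.
# Adjust this list if your organisation manages devices from other space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Services the guidance allows on a management interface.
ALLOWED_SERVICES = {"ssh", "https", "ping"}

def is_internal(net):
    """True if the network lies entirely inside one internal range."""
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)

def audit_mgmt_access(profile):
    """Return findings for one hypothetical management-access profile:
    {"name": str, "permitted_ips": [address/CIDR], "services": [names]}."""
    findings = []
    permitted = profile.get("permitted_ips", [])
    if not permitted:
        findings.append("no permitted-IP list: any source can reach the interface")
    for entry in permitted:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable permitted-IP entry: {entry!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every address, including the Internet")
        elif not is_internal(net):
            findings.append(f"{entry}: not an internal range")
    for svc in sorted({s.lower() for s in profile.get("services", [])}):
        if svc not in ALLOWED_SERVICES:
            findings.append(f"service {svc!r} enabled; allow only SSH, HTTPS and ping")
    return findings

# Constructed sample profiles for illustration.
SAMPLES = [
    {"name": "mgmt-jump-only", "permitted_ips": ["10.20.30.5", "10.20.30.6"],
     "services": ["https", "ssh", "ping"]},
    {"name": "mgmt-exposed", "permitted_ips": ["0.0.0.0/0", "203.0.113.0/24"],
     "services": ["https", "http", "telnet"]},
]

if __name__ == "__main__":
    for p in SAMPLES:
        for finding in audit_mgmt_access(p) or ["ok"]:
            print(f"{p['name']}: {finding}")
```
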

At the moment, Cortex Xpanse and Cortex XSIAM users appear to be the most vulnerable. Prisma Access and NGFW in the cloud will most likely not be affected.

Via BleepingComputer