
Palo Alto Networks Patches Dozens of Vulnerabilities 

Palo Alto Networks has fixed medium- and high-severity vulnerabilities in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser.

Palo Alto Networks on Wednesday informed customers about the availability of patches for dozens of vulnerabilities affecting its PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser products.

Based on its severity rating of ‘high’, the most important advisory describes CVE-2024-8686, a PAN-OS command injection vulnerability that allows an authenticated attacker with admin privileges to bypass system restrictions and run arbitrary commands on the firewall as root.

The cybersecurity giant has also updated its Chromium-based Prisma Access Browser to address 29 vulnerabilities patched in recent weeks in Chromium. Many of these vulnerabilities have a ‘high severity’ rating and some are known to have been exploited in the wild.

The remaining vulnerabilities have been assigned a ‘medium severity’ rating. One of them impacts PAN-OS and is related to the cleartext exposure of GlobalProtect portal passwords. 

“An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so,” the company explained.

Also in PAN-OS, Palo Alto patched a flaw that allows authenticated admins with access to the command-line interface (CLI) to read arbitrary files on the firewall. 

Another PAN-OS security hole can enable authenticated attackers to impersonate other GlobalProtect users.

“Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker,” the company explained. 

A cleartext credentials exposure issue has been addressed in the ActiveMQ Content Pack, specifically the integration with Cortex XSOAR and XSIAM.

Separately, a Cortex XDR Agent vulnerability affects Windows installations and enables an attacker with admin privileges to disable the agent. The security firm noted that this vulnerability could be leveraged by malware. 

The company says it’s not aware of in-the-wild exploitation for any of the vulnerabilities that are specific to its products. 

Palo Alto Networks has also published a bulletin to inform customers that over a dozen vulnerabilities found over the past decade in open source software do not impact its products.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
