Security researchers Mikhail Klyuchnikov and Nikita Abramov from Positive Technologies uncovered four severe vulnerabilities in Palo Alto Networks’ PAN-OS, the software that runs on the company’s next-generation firewalls, which are used by over 66,000 companies in 150 countries. Attackers could exploit the vulnerabilities to obtain sensitive corporate data or compromise internal network systems.
“The vulnerabilities could be leveraged by attackers to obtain maximum privileges in the OS, perform any actions on behalf of an administrator within the Palo Alto application, run arbitrary system commands with maximum privileges, or cause a denial of service for the product’s management web interface,” the researchers said.
Of the four security flaws, three are rated high severity and one medium severity. These include:
This is a Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Attackers could exploit this flaw to access a special firewall section, inject malicious code in one of the web forms, and obtain maximum privileges in the OS.
This is a PAN-OS Command Injection vulnerability in the management web interface. It allows authenticated administrators to execute arbitrary OS commands with root privileges.
This vulnerability allows an unauthorized user to upload arbitrary files of any size to a certain directory on the server, which might lead to Denial of Service (DoS).

Palo Alto Networks remediated all four vulnerabilities in PAN-OS and urged users to update to the latest version to fix the flaws.
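The two flaw classes described above, command injection from unsanitized input in a management web form and an unauthenticated, unbounded file upload, both come down to missing input handling in a request handler. The following Python is an added illustration written for this article; it is not PAN-OS code and does not reproduce any Palo Alto Networks component. The hostname diagnostic, the upload directory `/var/tmp/uploads`, the 10 MiB limit and the function names are all assumptions chosen for the example. It shows the vulnerable pattern (a shell string built from user input) beside the hardened one (allowlist validation plus an argv list with no shell), and an upload handler that enforces authentication, a size cap and a bare filename before deciding where a file would be written.

```python
import os
import re
import subprocess

# Constructed example, not PAN-OS code. Models a management-interface
# "ping diagnostic" form that takes an admin-supplied hostname.

# Allowlist: only characters that can legitimately appear in a hostname.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def build_ping_command_vulnerable(hostname: str) -> str:
    # Vulnerable pattern: untrusted input is concatenated into a shell string.
    # If this string is run with shell=True, "; id" or "$(...)" in the input
    # becomes an extra command executed with the web process's privileges.
    return "ping -c 1 " + hostname


def build_ping_command_hardened(hostname: str) -> list:
    # Hardened pattern: reject anything outside the allowlist, then pass the
    # value as one argv element so no shell ever interprets it.
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("invalid hostname")
    return ["ping", "-c", "1", hostname]


def run_diagnostic(hostname: str) -> subprocess.CompletedProcess:
    # shell=False (the default) means metacharacters are inert; the argv list
    # from build_ping_command_hardened is executed directly.
    return subprocess.run(build_ping_command_hardened(hostname),
                          capture_output=True, check=False)


# Upload handling for the DoS case: unauthenticated callers and oversized
# bodies are refused before any bytes are written to disk.
UPLOAD_DIR = "/var/tmp/uploads"        # assumed location for the example
MAX_UPLOAD_BYTES = 10 * 1024 * 1024    # assumed 10 MiB cap


def accept_upload(session_authenticated: bool, content_length: int,
                  filename: str) -> str:
    # Returns the path the file would be stored at, or raises.
    if not session_authenticated:
        raise PermissionError("authentication required")
    if content_length < 0 or content_length > MAX_UPLOAD_BYTES:
        raise ValueError("upload exceeds size limit")
    # Require a bare filename: any directory component or "."/".." is refused,
    # so the caller cannot choose a path outside UPLOAD_DIR.
    if filename in ("", ".", "..") or os.path.basename(filename) != filename:
        raise ValueError("invalid filename")
    return os.path.join(UPLOAD_DIR, filename)


def rejected(fn, *args) -> bool:
    # Small helper so callers can check that a bad input is refused.
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    print(build_ping_command_vulnerable("example.com; id"))
    print(build_ping_command_hardened("fw01.example.com"))
    print(rejected(build_ping_command_hardened, "example.com; id"))
    print(rejected(accept_upload, False, 100, "report.txt"))
    print(accept_upload(True, 100, "report.txt"))
```

The point of the contrast is that validating against an allowlist and passing an argv list are independent defences: the allowlist stops unexpected values, and avoiding the shell means a missed metacharacter still cannot become a second command. For uploads, checking the declared size before reading the body and refusing unauthenticated sessions removes the cheap way to fill a disk.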
Klyuchnikov said, “We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, brute force the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company’s internal network. The administrator panel may be located both inside and outside the corporate network, whichever is more convenient for the admins. But, of course, for security reasons, it is better to have it inside. And therefore, such attacks may be conducted both from the internal and external networks.”