Palo Alto PAN-OS Vulnerabilities Announced

Palo Alto PAN-OS Vulnerabilities Announced

A cybersecurity advisory was issued Friday, May 15, 2020, regarding multiple vulnerabilities in Palo Alto PAN-OS. The vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to the affected application, possibly resulting in a breach.

What It Is:
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for session fixation attacks. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue using maliciously crafted URI. The attacker uses email or other means to distribute the malicious URI and entices an unsuspecting user to follow it hijacking the user session ID.

Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to the affected application.

Read the original Palo Alto Networks Security Advisories.

Threat Intelligence:
There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected:

• PAN-OS versions 7.1, 8.0, 8.1 prior to 8.1.14
• PAN-OS versions 9.0 prior to 9.0.8

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: Low

What It Means:
If you and/or your business utilize the Palo Alto PAN-OS versions mentioned above, you will need to apply appropriate patches or appropriate mitigations provided by Palo Alto to vulnerable systems immediately following proper testing.

Technical Summary:
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for session fixation attacks. Details of the vulnerabilities are as follows:

• CVE-2020-1993: GlobalProtect Portal PHP session fixation vulnerability
• CVE-2020-2006: Buffer overflow in management server payload parser
• CVE-2020-1998: Improper SAML SSO authorization of shared local users
• CVE-2020-2012: Panorama: XML external entity reference ('XXE') vulnerability leads to the information leak
• CVE-2020-2007: OS command injection in management server
• CVE-2020-1997: GlobalProtect registration open redirect
• CVE-2020-1994: Predictable temporary file vulnerability
• CVE-2020-1996: Panorama management server log injection
• CVE-2020-2011: Panorama registration denial of service
• CVE-2020-2009: Panorama SD WAN arbitrary file creation

What To Do:
We recommend the following actions be taken:

• Apply appropriate patches or appropriate mitigations provided by Palo Alto to vulnerable systems immediately after appropriate testing.
• Block external access at the network boundary, unless external parties require service.
• If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
• To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
• Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.
• Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Palo Alto PAN-OS including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.