Description
Palo Alto Networks has recently addressed several critical security vulnerabilities in its products, including an authentication bypass flaw in the Expedition migration tool (CVE-2024-5910) and a RADIUS protocol vulnerability dubbed BlastRADIUS (CVE-2024-3596).
Attack Details
Two critical vulnerabilities have been identified in Palo Alto Networks’ products, prompting immediate security updates. The first, CVE-2024-5910, affects the Expedition migration tool by allowing unauthorized access to administrative accounts due to missing authentication. This flaw, present in all versions of Expedition prior to 1.2.92, poses risks of admin account takeovers and exposure of imported configuration secrets and credentials. The second vulnerability, CVE-2024-3596, impacts PAN-OS firewalls using the RADIUS protocol with CHAP or PAP authentication. It enables attackers to conduct adversary-in-the-middle attacks, potentially escalating privileges to ‘superuser’ level. Affected PAN-OS versions range from 9.1 to 11.1, emphasizing the importance of applying recommended patches promptly to mitigate these security risks.
Recommendations
Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
References