
Critical Security Flaws in Palo Alto Networks
Palo Alto Networks has recently addressed five significant security vulnerabilities impacting its products, including a critical flaw that could enable an authentication bypass. This article delves into the specifics of these vulnerabilities, their potential risks and the steps users should take to secure their systems.
CVE-2024-5910: Critical Authentication Bypass Vulnerability
One of the most concerning vulnerabilities, cataloged as CVE-2024-5910, carries a CVSS score of 9.3. Specifically, this flaw results from missing authentication in Palo Alto Networks’ Expedition migration tool, potentially allowing an attacker with network access to take over an admin account.
Details of the Vulnerability
According to Palo Alto Networks, “Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.” Therefore, configuration secrets, credentials, and other sensitive data imported into Expedition are at significant risk.
Impacted Versions and Remediation
Importantly, this vulnerability affects all versions of Expedition before 1.2.92. Users are strongly advised to update to version 1.2.92 or later to mitigate the risk. Brian Hysell of Synopsys Cybersecurity Research Center (CyRC) discovered and reported the flaw.
No Known Exploits in the Wild
While there is currently no evidence that this vulnerability has been exploited in the wild, it is crucial for users to update their systems to the latest version to prevent potential threats. Additionally, Palo Alto Networks recommends restricting network access to Expedition to authorized users, hosts, or networks as a temporary workaround.
CVE-2024-3596: BlastRADIUS Vulnerability in RADIUS Protocol
Another notable vulnerability, CVE-2024-3596, also known as BlastRADIUS, impacts the RADIUS protocol used in conjunction with Palo Alto Networks PAN-OS firewalls. This flaw could allow an attacker to perform an adversary-in-the-middle (AitM) attack, bypass authentication, and escalate privileges to ‘superuser.’
Affected Products and Versions
The following products are affected by this vulnerability:
- PAN-OS 11.1 (versions < 11.1.3, fixed in >= 11.1.3)
- PAN-OS 11.0 (versions < 11.0.4-h4, fixed in >= 11.0.4-h4)
- PAN-OS 10.2 (versions < 10.2.10, fixed in >= 10.2.10)
- PAN-OS 10.1 (versions < 10.1.14, fixed in >= 10.1.14)
- PAN-OS 9.1 (versions < 9.1.19, fixed in >= 9.1.19)
- Prisma Access (all versions, with a fix expected to be released on July 30)
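An added example, not code from the advisory or from Palo Alto Networks, that checks a constructed inventory of PAN-OS version strings against the fixed releases listed above. It assumes the "major.minor.patch[-hN]" version format and that a hotfix build sorts after its base release (11.0.4-h4 after 11.0.4); the hostnames and versions in the sample inventory are made up.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed PAN-OS builds for CVE-2024-3596 as listed above, keyed by release train.
# Prisma Access is left out: the advisory lists all versions as affected pending a fix.
FIXED_PANOS: Dict[str, str] = {
    "11.1": "11.1.3",
    "11.0": "11.0.4-h4",
    "10.2": "10.2.10",
    "10.1": "10.1.14",
    "9.1": "9.1.19",
}

# Assumed version format: major.minor.patch with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-hN]' into a comparable tuple. No hotfix suffix counts
    as hotfix 0, so 11.0.4 sorts before 11.0.4-h4 (assumed PAN-OS hotfix ordering)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))

def is_vulnerable_cve_2024_3596(version: str) -> Optional[bool]:
    """True if the build is below the fixed build for its train, False if at or above
    it, None if the train is not in the advisory table (needs manual review)."""
    parsed = parse_panos_version(version)
    fixed = FIXED_PANOS.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return None
    return parsed < parse_panos_version(fixed)

def triage_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Label each (hostname, version) pair as 'vulnerable', 'fixed' or 'unlisted'."""
    labels = {True: "vulnerable", False: "fixed", None: "unlisted"}
    return {host: labels[is_vulnerable_cve_2024_3596(ver)] for host, ver in inventory}

# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "11.1.2"),
    ("fw-edge-02", "11.0.4"),
    ("fw-edge-03", "11.0.4-h4"),
    ("fw-dc-01", "10.2.9-h2"),
    ("fw-legacy-01", "8.1.25"),
]

if __name__ == "__main__":
    print(triage_inventory(SAMPLE_INVENTORY))
```

Builds on a train the advisory does not list come back as "unlisted" rather than "fixed", so they are not silently treated as safe.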
Security Recommendations
Palo Alto Networks advises against using CHAP or PAP unless they are encapsulated by an encrypted tunnel, as these protocols do not provide Transport Layer Security (TLS). Notably, PAN-OS firewalls configured to use EAP-TTLS with PAP for RADIUS server authentication are not vulnerable to this attack.
Conclusion
The discovery of these critical vulnerabilities highlights the importance of maintaining up-to-date software and implementing robust security practices. Users of Palo Alto Networks products should promptly apply the recommended updates and follow the provided security guidelines to protect their systems from potential exploits. Stay vigilant and ensure your network’s integrity by keeping abreast of the latest security updates.
For further details and updates, visit Palo Alto Networks’ official advisory.
