19 December 2017

Serious vulnerabilities identified in Palo Alto firewalls

Palo Alto Networks has published a security advisory (PAN-SA-2017-0027) on recently closed critical vulnerabilities that affect firewalls running PAN-OS. Exploiting these vulnerabilities in combination can enable a remote attacker to execute arbitrary code with superuser privileges through the device’s web management interface without authentication.

The advisory covers three separate vulnerabilities in the PAN-OS web management interface, which have together been assigned the identifier CVE-2017-15944: a partial authentication bypass, arbitrary directory creation and command injection. Technical details on these vulnerabilities are provided in an article by Philip Pettersson, the researcher who identified them.

The vulnerabilities affect PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and prior. The vulnerabilities have been corrected in the latest PAN-OS versions 6.1.19, 7.0.19, 7.1.14 and 8.0.6.

Palo Alto Networks solutions are widespread and can be used to protect industrial networks. For this reason, Kaspersky Lab ICS CERT experts recommend checking the PAN-OS versions in use and installing updates where necessary.
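One way to run the recommended version check over a firewall inventory, as an added example that is not part of the original article or vendor tooling. The hostnames and sample versions are constructed; the fixed releases come from the text above. It assumes that a hotfix build (suffix -hN) of an affected maintenance release is still affected, and it reports branches the article does not name as "unlisted" rather than guessing.

```python
import re

# First fixed maintenance release per PAN-OS branch, from the article text.
FIXED = {(6, 1): 19, (7, 0): 19, (7, 1): 14, (8, 0): 6}

# major.minor.maintenance with an optional hotfix suffix such as "-h2".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.groups())
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Branch not named in the article: consult PAN-SA-2017-0027 directly.
        return "unlisted"
    # Assumption: hotfix builds of an affected maintenance release count as
    # affected, because only full maintenance releases are listed as fixed.
    return "vulnerable" if maint < fixed_maint else "fixed"


def triage(inventory):
    """Map each hostname to its classification; inventory is {host: version}."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-plant-a": "7.1.13",
    "fw-plant-b": "8.0.6",
    "fw-dmz": "7.0.18-h2",
    "fw-lab": "8.1.0",
    "fw-old": "6.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:10} {status}")
```

Devices reported as "unlisted" or "unparseable" need a manual check against the vendor advisory before being treated as safe.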

Source: Palo Alto Networks