Positive Technologies: Vulnerabilities in PAN-OS Could Threaten Internal Networks Security
Palo Alto Networks remediated vulnerabilities in PAN-OS, which is used by Palo Alto Networks next-generation firewalls (NGFW). The vulnerabilities were detected by Positive Technologies experts Mikhail Klyuchnikov and Nikita Abramov. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools.
Vulnerability CVE-2020-2037 (Сommand Injection) has a score of 7.2. It allows executing arbitrary OS commands in the firewall. The attack requires authorization in the software data management web interface. After that, attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS.
Recommended AI News: Docupace Welcomes Ryan George as Chief Marketing Officer
Positive Technologies researcher, Mikhail Klyuchnikov said: “We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company’s internal network. The administrator panel may be located both inside and outside the corporate network, whichever is more convenient for the admins. But, of course, for security reasons, it’s better to have it inside. And therefore, such attacks may be conducted both from the internal and external networks.”
The second vulnerability, CVE-2020-2036 (XSS), has a score of 8.8. If a potential victim authorizes in the administrator panel and clicks a specially crafted malicious link, attackers will be able to perform any actions on behalf of this user in the context of the Palo Alto application, spoof pages, and develop attacks. The attack can be conducted from the Internet, but if the administrator panel is located inside, attackers will have to know its address inside the network.
Recommended AI News: DaVita Announces Shawn Guertin Will Join Its Board of Directors
One more vulnerability, CVE-2020-2038, with a score of 7.2 was detected in the PAN-OS software interface. It extends the set of system commands enabling a variety of potential attacks (as the first vulnerability, it is Command Injection). By default, when working with this interface, there are restrictions on the system command call. The exception is some basic commands (such as ping); however, attackers can inject any OS commands using insufficient filtering of user data. Attackers having the API key or user data for its generation can run arbitrary system commands with maximum privileges.
Finally, the fourth vulnerability (CVE-2020-2039, score 5.3) our experts found allows an unauthorized user to upload arbitrary files of any size to a certain directory on the server, which might lead to denial of service. To exploit this vulnerability, attackers can upload an unlimited number of files of various sizes, which may completely deplete free space in the system making the administrator panel unavailable.
To remediate the vulnerabilities, update the system to the most recent version following the guidelines on the manufacturer’s website.
Recommended AI News: Kubernetes-driven PlanetScale DBaaS Enters Red Hat Marketplace