Exploitation of vulnerability affecting Palo Alto… – NCSC.GOV.UK – National Cyber Security Centre
Exploitation of vulnerability affecting Palo Alto… – NCSC.GOV.UK National Cyber Security Centre
Tag Archive for: Alto
Palo Alto Networks Discloses Exploitation Of ‘Critical’ Zero-Day Flaw Impacting PAN-OS
The company says that exploits of the vulnerability have been ‘limited’ so far.
Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.
In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”
[Related: Fortinet Discloses Vulnerabilities In FortiOS, FortiProxy, FortiClient Linux And Mac]
Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.
The vendor said the vulnerability (tracked at CVE-2024-3400) has been rated as a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.
Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.
In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”
“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.
The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.
“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”
Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.
Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls
“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled,” the company said in its advisory.
Customers can check if they have the GlobalProtect gateway configured under the Network > GlobalProtect > Gateways menu in the firewall’s web interface. The telemetry feature can be checked under Device > Setup > Telemetry.
Mitigating Palo Alto Networks Pan-OS
The company plans to release software hotfixes for PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 to address the flaw on April 14. These patches will be numbered 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3. Older PAN-OS releases are not impacted and neither are the Cloud NGFW or Prisma Access and Panorama appliances.
Palo Alto Networks® Closes Talon Cyber Security Acquisition and Will Offer Complimentary Enterprise Browser to Qualified SASE AI Customers
The Talon acquisition extends Palo Alto Networks’ best-in-class SASE solution to help protect all managed and unmanaged devices
SANTA CLARA, Calif., Dec. 28, 2023 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today announced that it has completed the acquisition of Talon Cyber Security, a pioneer of enterprise browser technology.
“We are thrilled to welcome Talon to Palo Alto Networks,” said Nikesh Arora, chairman and CEO of Palo Alto Networks. “Most work today occurs via web browsers, often on unmanaged devices, which poses enormous security risks. Through the seamless integration of Talon’s Enterprise Browser with Prisma® SASE, we will be elevating our best-in-class solution that helps provide ironclad security and data protection for all users across all applications and from any device or location. Additionally, we plan to extend Talon’s cutting-edge Enterprise Browser technology to our qualified SASE AI customers at no additional cost.”
In today’s evolving threat landscape, employees frequently use personal and unmanaged devices to access critical business applications, including using mobile devices alongside corporate laptops. While this approach increases productivity, the lack of consistent security, control and visibility across devices increases security risk. To tackle these challenges, organizations need a holistic SASE solution that securely enables users to access vital business applications regardless of their chosen device. As part of that SASE solution, Talon’s Enterprise Browser will provide additional layers of protection against phishing attacks, web-based attacks and malicious browser extensions. Talon also offers extensive controls to help ensure that sensitive data does not escape the confines of the browser, regardless of whether the enterprise manages the device.
Palo Alto Networks Prisma SASE is the secure foundation for agile, cloud-enabled organizations. Integrating Talon with Prisma Access can provide customers with substantial productivity benefits by enabling unmanaged devices, but also ensures consistent security and deeper visibility into device usage, all while preserving user privacy. This acquisition…