Researchers at the cybersecurity company Randori have discovered a vulnerability in Palo Alto Networks firewalls that use the GlobalProtect Portal. It allows malicious code to be smuggled in and executed remotely. On the ten-point Common Vulnerability Scoring System scale, the vulnerability is rated 9.8.
The problem affects several versions of PAN-OS 8.1 prior to version 8.1.17. Randori claims to have found numerous vulnerable instances connected to the Internet. The system is used by a number of Fortune 500 and other global companies.
Aaron Portnoy, Principal Scientist at Randori, explained in an interview with Pentest7 USA: “As soon as an attacker has control over the firewall, he has a view of the internal network and can move sideways. Randori believes the best way to identify potential points of attack is to assess the attack surface. We then devoted resources to assessing the firewall’s attack surface ourselves in a laboratory setting. This enabled us to identify the components that an attacker would have to exploit to compromise the device.”
In addition to the patch made available by Palo Alto, Randori recommends that affected companies check the Threat Prevention signatures 91820 and 91855 made available by Palo Alto Networks. They can be activated to thwart an attack while companies are planning the software upgrade. Randori also recommended that companies not using the firewall's VPN function disable it.