CVE-2024-5910
CVE-2024-3596
July 15, 2024

Critical Security Updates for Palo Alto Networks

Advisory
Security Advisory
Kudelski Security Team

Summary

Palo Alto Networks has released critical security updates addressing several vulnerabilities, including a high-severity flaw in the Expedition migration tool (CVE-2024-5910, CVSS score: 9.3). Expedition is a tool that aids in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue, which allows attackers with network access to take over admin accounts.

Additionally, a flaw in the RADIUS protocol (CVE-2024-3596) can allow privilege escalation via an adversary-in-the-middle attack. This vulnerability occurs between a Palo Alto Networks PAN-OS firewall and a RADIUS server, potentially bypassing authentication and escalating privileges to ‘superuser’ when RADIUS authentication is used with CHAP or PAP selected in the RADIUS server profile.

Affected Systems and/or Application

CVE-2024-5910

  • Expedition (prior to version 1.2.92)

CVE-2024-3596

  • PAN-OS (versions < 11.1.3, 11.0.4-h4, 10.2.10, 10.1.14, 9.1.19)
  • Prisma Access (fix expected by July 30)

Immediate Actions Required

  • Update Software: Upgrade Expedition to version 1.2.92 or later and PAN-OS to the versions specified above.
  • Restrict Access: Limit network access to the Expedition tool to authorized users only.
  • Secure RADIUS Configuration: Avoid using CHAP or PAP without an encrypted tunnel.
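
To triage an inventory against the versions listed above, the following is an added example (not code from Palo Alto Networks or from this advisory). It assumes each listed PAN-OS version is the first fixed release of its own major.minor train, and that hotfixes use the `-hN` suffix shown in the advisory; the host names and inventory rows are constructed.

```python
import re

# Fixed versions copied from this advisory's affected-versions list.
# Assumption: each PAN-OS entry is the fix for its own major.minor train.
PANOS_FIXED = ["11.1.3", "11.0.4-h4", "10.2.10", "10.1.14", "9.1.19"]
EXPEDITION_FIXED = "1.2.92"

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

_FIXED_BY_TRAIN = {parse(v)[:2]: parse(v) for v in PANOS_FIXED}

def panos_status(version):
    v = parse(version)
    fixed = _FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        # Train not listed in the advisory: do not guess, flag it.
        return "unknown-train"
    return "affected" if v < fixed else "fixed"

def expedition_status(version):
    return "affected" if parse(version) < parse(EXPEDITION_FIXED) else "fixed"

def triage(inventory):
    """inventory: iterable of (host, product, version) -> [(host, status)]."""
    checks = {"pan-os": panos_status, "expedition": expedition_status}
    results = []
    for host, product, version in inventory:
        try:
            results.append((host, checks[product.lower()](version)))
        except (KeyError, ValueError):
            # Unknown product or unparseable version string.
            results.append((host, "needs-review"))
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "PAN-OS", "11.0.4-h3"),
    ("fw-core-02", "PAN-OS", "10.2.10"),
    ("fw-lab-03", "PAN-OS", "11.2.1"),
    ("mig-01", "Expedition", "1.2.91"),
    ("fw-old-04", "PAN-OS", "9.1.x"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Rows reported as `unknown-train` or `needs-review` should be checked against the vendor advisory directly rather than treated as safe.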

Recommendations

  • Ensure all systems are updated promptly to protect against potential exploitation.
  • Regularly review and update security configurations while consistently monitoring network access and authentication protocols.

For detailed and regularly updated information, visit the official Palo Alto Networks advisory.

References

https://security.paloaltonetworks.com/CVE-2024-5910
https://security.paloaltonetworks.com/CVE-2024-3596
https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html
