Palo Alto Networks has alerted users to a potential security threat affecting its firewalls, warning that an alleged vulnerability could allow remote code execution by threat actors. The company is currently monitoring for signs of exploitation and advising users to be extra cautious and tighten up on security. A patch will be deployed once more details about the bug are found.
The company recently discovered a claim of a remote code execution vulnerability in its PAN-OS management interface, which has prompted it to actively monitor for signs of exploitation. However, Palo Alto Networks emphasizes that at this point, there is no evidence of in-the-wild abuse, and therefore, a patch is not yet available.
In the meantime, users are advised to ensure that access to the management interface is secured only from trusted internal IPs, following industry best practice guidelines. Palo Alto Networks has also shared additional information on how to secure firewalls through its community website, recommending isolation of the management interface on a dedicated VLAN and limiting inbound IP addresses to approved management devices.
Cortex Xpanse and Cortex XSIAM users are currently considered most vulnerable, while Prisma Access and cloud NGFW are less likely to be affected. The company is working to resolve the issue and deploy a patch as soon as possible.
Source: https://www.techradar.com/pro/security/palo-alto-networks-warns-users-of-dangerous-security-threat-affecting-firewalls