Palo Alto Networks has issued an informational advisory warning customers about a potential remote code execution vulnerability in its PAN-OS management interface. The company is urging users to secure access to the interface by following best practices, such as limiting exposure to the internet and using trusted internal IPs.
The vulnerability, tracked as CVE-2024-5910, relates to missing authentication in the Expedition migration tool. Federal agencies have been advised to apply necessary fixes by November 28, 2024, to secure their networks against the threat.
To mitigate the risk, users are recommended to isolate the management interface on a dedicated VLAN, use jump servers, limit inbound IP addresses to approved devices, and only permit secured communication such as SSH and HTTPS. The management interface should not be exposed to the internet.
This warning comes after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
Source: https://thehackernews.com/2024/11/palo-alto-advises-securing-pan-os.html