Palo Alto Networks is well known for the network security products it supplies to service providers, enterprises, and governments. Last September, four vulnerabilities were found in Palo Alto’s network firewall software.
These vulnerabilities were disclosed by two security researchers from Positive Technologies (PT), who discovered and reported four major flaws in Palo Alto’s PAN-OS operating system.
PAN-OS is the underlying technology behind Palo Alto’s enterprise-level firewalls. These next-generation firewalls (NGFW) are trusted by big enterprises, and these flaws exposed enterprises to huge risks.
Palo Alto publicly disclosed all four vulnerabilities after releasing the patch notes. These vulnerabilities were rated as major, and all of them affected the network side of Palo Alto’s firewall; the details are as follows:
➔ CVE-2020-2037 – This vulnerability allowed the execution of arbitrary OS commands, but only by authorized users; hence the severity level was low.
➔ CVE-2020-2038 – This flaw also exposed the PAN-OS system to arbitrary command execution by authorized users in newer versions of the OS.
➔ CVE-2020-2039 – This was a DoS risk: an attacker could upload temporary files to the management system until disk space was completely exhausted, which caused the system to misbehave.
The security researchers from Positive Technologies emphasized the dangerous consequences of these flaws in one of their official blog posts. Mikhail Klyuchnikov and Nikita Abramov added that “Hackers can utilize these vulnerabilities to breach sensitive data and damage the firewall to mess with internal network.”
The researchers were testing the firewall’s web management interface using black-box analysis when they discovered multiple flaws in the system.
The remote code execution (RCE) flaws were significant, but their severity was rated low because execution was limited to authorized users. Hence, it was impossible for an unauthorized user to run arbitrary commands.
The Nginx web server stands behind Palo Alto’s firewall. It was possible for an unauthorized user to upload files to the server until all disk space was exhausted. This could cause the server to crash or behave unpredictably, resulting in a DoS.
XSS Exploitable Flaw
A reflected XSS vulnerability was also disclosed in the management web interface (CVE-2020-2036). This flaw resided in the following script:
An attacker could use the user-controlled `$_SERVER['PHP_SELF']` variable to exploit the XSS vulnerability, which had the potential to gain access to administrator privileges.
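The `$_SERVER['PHP_SELF']` pattern behind this class of reflected XSS, shown as an added illustration rather than the actual PAN-OS script (which the page does not reproduce); the form handlers and the `/login` route are hypothetical:

```php
<?php
// Added illustration, not PAN-OS code. PHP_SELF echoes the request path the
// client supplied, so any extra path segment after the script name is
// reflected, unescaped, into the HTML attribute below.

// VULNERABLE: request path copied straight into an attribute.
function render_form_vulnerable(): string {
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'
         . '<input type="text" name="q"><input type="submit"></form>';
}

// HARDENED (1): HTML-encode the value before placing it in the attribute,
// so quotes and angle brackets cannot terminate the attribute or the tag.
function render_form_escaped(): string {
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $self . '">'
         . '<input type="text" name="q"><input type="submit"></form>';
}

// HARDENED (2): do not reflect the request path at all; post to a fixed,
// server-defined route (hypothetical "/login"). Preferred when possible.
function render_form_fixed_action(): string {
    return '<form method="post" action="/login">'
         . '<input type="text" name="q"><input type="submit"></form>';
}

// Defender's self-check: confirm the escaped variant never emits raw
// attribute-breaking characters, using a constructed sample path.
function escaped_output_is_safe(string $sample_path): bool {
    $_SERVER['PHP_SELF'] = $sample_path;          // constructed test value
    $html = render_form_escaped();
    $action = substr($html, strlen('<form method="post" action="'));
    $action = substr($action, 0, strpos($action, '">'));
    return strpbrk($action, "\"'<>") === false;    // no raw delimiters reflected
}
```

Reviewing a PHP code base for `PHP_SELF` (and other `$_SERVER` path values) inside HTML output is the quickest way to find this pattern; the fixed-action form is the simplest remediation.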
Palo Alto published the advisories and released the patches in September 2020. Palo Alto also made an official statement saying:
“In September 2020, Palo Alto Networks released patches and published security advisories for remediation. We appreciate the researchers sharing their findings.”
System administrators are advised to upgrade to the latest version of the software to prevent any serious consequences.