Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.

"Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said. "At this time, we do not know the specifics of the claimed vulnerability. We are actively monitoring for signs of any exploitation."

In the interim, the network security vendor has recommended that users correctly configure the management interface in line with the best practices, and make sure that access to it is possible only via trusted internal IPs to limit the attack surface.

It goes without saying that the management interface should not be exposed to the Internet. Some of the other guidelines to reduce exposure are listed below -

• Isolate the management interface on a dedicated management VLAN
• Use jump servers to access the management IP
• Limit inbound IP addresses to the management interface to approved management devices
• Only permit secured communication such as SSH, HTTPS
• Only allow PING for testing connectivity to the interface

The development comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), relates to a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover, and possibly gain access to sensitive data.

While it's currently not known how it's being exploited in the wild, federal agencies have been advised to apply the necessary fixes by November 28, 2024, to secure their networks against the threat.