Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Alarm bells raised over loopholes in Palo Alto firewalls’ use of GlobalProtect VPN

The Australian Cyber Security Centre has issued a HIGH alert over certain versions of the Palo Alto firewall that relies on the GlobalProtect VPN.

user icon
Fri, 12 Nov 2021
Alarm bells raised over loopholes in Palo Alto firewalls’ use of GlobalProtect VPN
expand image

Palo Alto Networks classified the vulnerability as “CRITICAL” noting that it had a severity level of 9.8.

“A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue,” the company’s security advisory read.

“This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

============
============

“Prisma Access customers are not impacted by this issue.”

In the security advisory, the company explained how users can identify whether they are exposed to the exploitable loophole.

“This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.”

It is not yet believed that the loophole has been exploited by threat actors.

“This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions,” the company explained.

The announcement comes as Microsoft identified loopholes in certain versions of Microsoft Excel, CVE-2021-42292, that are currently being exploited.

The ACSC explained that threat actors could use malicious spreadsheets to leverage this loophole, from where the document is used as part of a spear-phishing campaign.

As of yet, there is no evidence to believe that Office365 Excel has been compromised.

“Australian organisations and individuals who utilise Microsoft Excel Sitecore XP should consult the Microsoft security advisory for a list of affected Excel versions. Australian organisations and individuals should ensure that the available security update is applied as soon as possible,” the ACSC suggested.

[Related: ACSC issues CRITICAL warning for Microsoft Excel]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.