InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system.
The company fixed the following DoS vulnerabilities:
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by forcing the firewall into maintenance mode, requiring manual intervention to restore normal functionality. This issue affects PA-5400 Series and PA-7000 Series hardware firewalls when GTP security is turned off.
“Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage.” reads the advisory.
CVE-2024-3384 is a DoS vulnerability in PAN-OS that has been addressed by the vendor.
A vulnerability allows a remote attacker to reboot PAN-OS firewalls by sending Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks can cause a denial-of-service (DoS) condition, forcing the firewall into maintenance mode and requiring manual intervention to restore functionality.
This flaw only affects PAN-OS configurations with enabled NTLM authentication.
The vendor has addressed the third DoS vulnerability as CVE-2024-3382.
“A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.” reads the advisory.
Palo Alto Networks fixed a vulnerability in Cloud Identity Engine (CIE) that could cause improper Group Membership Change. This issue, known as CVE-2024-3383, affects user access to network resources. It can result in users being wrongly denied or granted access based on existing Security Policy rules.
The vendor is not aware of attacks in the wild exploiting any of these vulnerabilities.
