1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Palo Alto VPNs, firewalls suffer from high-severity vulnerability

    From TechnologyDaily@1337:1/100 to All on Thu Apr 7 14:15:03 2022
    Palo Alto VPNs, firewalls suffer from high-severity vulnerability

    Date:
    Thu, 07 Apr 2022 13:02:11 +0000

    Description:
    The vulnerability can be used to trigger DoS attacks and crash devices.

    FULL STORY ======================================================================

    A variety of VPN and firewall products from Palo Alto Networks have been
    found to suffer from a high-severity vulnerability, the company has warned.

    According to a BleepingComputer report, PAN-OS, GlobalProtect app, and Cortex XDR agent software are running on a vulnerable version of the OpenSSL
    library. Prisma Cloud and Cortex XSOAR do not suffer from the same issue,
    Palo Alto confirmed.

    The vulnerability, tracked as CVE-2022-0778, was discovered three weeks ago and, if abused, can enable a denial of service (DoS) attack, or remotely
    crash the vulnerable endpoint . TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Waiting for the patch

    OpenSSL patched up the flaw two weeks ago, but its still going to take a little time before Palo Alto manages to implement the fix for its own products. It seems the customers will have to wait for at least another week.

    In the meantime, those with subscriptions for the Threat Prevention service can enable Threat IDs 92409 and 92411 to block incoming attacks, it was said.

    Palo Alto says that it hasnt seen these vulnerabilities being exploited in
    the wild, although there is a proof-of-concept available, suggesting that it may just be a matter of time before someone abuses the bug. Read more

    Palo Alto Networks hit by data leak


    Thousands of medical pumps could be vulnerable to dangerous security bugs


    This new router reckons it can spot malware for you

    "The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate," an OpenSSL spokesperson told BleepingComputer .

    "TLS servers may be affected if they are using client authentication (which
    is a less common configuration) and a malicious client attempts to connect to it. It is difficult to guess to what extent this will translate to active exploitation." No business perimeter is safe without a strong business VPN,
    so check out the best ones here

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/palo-alto-vpns-and-firewalls-suffer-from-high-s everity-vulnerability/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)