Palo Alto Networks on Wednesday informed customers about the availability of patches for dozens of vulnerabilities affecting its PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser products.
Based on its severity rating of ‘high’, the most important advisory describes CVE-2024-8686, a PAN-OS command injection vulnerability that allows an authenticated attacker with admin privileges to bypass system restrictions and run arbitrary commands on the firewall as root.
The cybersecurity giant has also updated its Chromium-based Prisma Access Browser to address 29 vulnerabilities patched in recent weeks in Chromium. Many of these vulnerabilities have a ‘high severity’ rating and some are known to have been exploited in the wild.
The remaining vulnerabilities have been assigned a ‘medium severity’ rating. One of them impacts PAN-OS and is related to the cleartext exposure of GlobalProtect portal passwords.
“An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so,” the company explained.
Also in PAN-OS, Palo Alto patched a flaw that allows authenticated admins with access to the command-line interface (CLI) to read arbitrary files on the firewall.
Another PAN-OS security hole can enable authenticated attackers to impersonate other GlobalProtect users.
“Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker,” the company explained.
A cleartext credentials exposure issue has been addressed in the ActiveMQ Content Pack, specifically in its integration with Cortex XSOAR and XSIAM.
Separately, a Cortex XDR Agent vulnerability affects Windows installations and enables an attacker with admin privileges to disable the agent. The security firm noted that this vulnerability could be leveraged by malware.
The company says it’s not aware of in-the-wild exploitation for any of the vulnerabilities that are specific to its products.
Palo Alto Networks has also published a bulletin to inform customers that over a dozen vulnerabilities found over the past decade in open source software do not impact its products.