Security Flaw Found in Palo Alto's Panorama Product

A security alert has flagged a "denial of service" vulnerability in a web-related function of Palo Alto Networks' Panorama product. The product is not related to YuJa's Panorama for Digital Accessibility. The incident highlights the importance of regular security reviews and vendor transparency for all IT systems used in education.

- The specific vulnerability is an arbitrary file upload issue within the web interface of Palo Alto Networks' Panorama management appliance. An authenticated administrator with read-write access can leverage this flaw to interrupt system processes, leading to a crash of the Panorama server.
- If an attacker repeatedly exploits this file upload vulnerability, the Panorama device can be forced into maintenance mode, requiring manual intervention to bring it back online.
- A separate but related improper authorization flaw allows an authenticated administrator with only read-only privileges to upload files to the web interface. This can be used to completely fill a disk partition, which in turn prevents administrators from logging into the web interface or downloading necessary system images.
- The underlying software, PAN-OS, which runs on Palo Alto Networks firewalls and is managed by Panorama, has also had a series of critical vulnerabilities. Some of these are being actively exploited in the wild.
- In one instance, a chain of vulnerabilities in PAN-OS could allow an attacker to gain complete, root-level control over the firewall appliances. Another critical flaw, with a CVSS score of 9.8 out of 10, allowed for a complete bypass of authentication.
- The company has also addressed a high-severity denial-of-service vulnerability in its firewalls where a specially crafted packet could cause the device to reboot. Repeated attacks of this nature would also force the firewall into maintenance mode.
- One of the recent actively exploited vulnerabilities in PAN-OS allowed an unauthenticated attacker with network access to the management interface to gain administrator privileges.
- To address a critical vulnerability in early 2024, Palo Alto Networks had to issue emergency hotfixes for multiple versions of its PAN-OS software to prevent unauthenticated remote code execution.
