Palo Alto Networks has fixed nine vulnerabilities in its PAN-OS operating system for versions 8.1 or later.
The CVSS scores ranged from a high of 9.8 to a low of 3.3. While none of the vulnerabilities were used by attackers in the wild, security researchers from Tenable and Positive Technologies published advisories to alert Palo Alto customers to the security issues and to make sure they patch their systems.
According to researchers at Positive Technologies, attackers can use these vulnerabilities to gain access to sensitive data or develop an attack to gain access to the internal segments of a corporate network that uses vulnerable protection tools.
Satnam Narang, a staff research engineer at Tenable, said the vulnerability with a CVSS score of 9.8 was especially concerning because an attacker could exploit it simply by sending a malicious request to a device, with no authentication needed.
“We’re not telling people not to use multifactor authentication, but we are saying that Palo Alto customers should be aware the vulnerability exists and that they should patch their systems,” Narang said. “We say this because we know there are a lot of organizations that won’t patch these vulnerabilities immediately.”
The vulnerability with the 9.8 score was discovered internally. Narang added that it’s good Palo Alto has a team that does this kind of work and gets the information out to the public quickly. He said it was the second time in the past few months that vulnerabilities were discovered in PAN-OS.