News

Palo Alto`s massive zero-day hole

Palo Alto`s massive zero-day hole CVE 2021-3064 scored a CVSS rating of 9.8 out of 10 for vulnerability severity. The PAN’s GlobalProtect firewall allows for unauthenticated RCE on multiple versions of PAN-OS 8.1 prior to 8.1.17, on both physical and virtual firewalls. It potentially leaves 10,000 vulnerable firewalls with their goods exposed to the internet. Randori researches concerning the vulnerability reported that if an attacker gains an access to the vulnerability it will allow them to gain a shell on the targeted system, access sensitive configuration data, extract credentials and even more.

Palo Alto`s massive zero-day hole

“As the threat from zero-days grows, more and more organizations are asking for realistic ways to prepare for and train against unknown threats, which translates to a need for ethical use of zero-days.”“When a defender is unable to patch a flaw, they must rely on other controls. Real exploits let them validate those controls, and not simply in a contrived manner,” researches said in their report.

Initially Randori had confidence that “more than 70,000 vulnerable instances were exposed on internet-facing assets.”They based the resulting facts on a Shodan search of internet-exposed devices. The Randori Attack Team first detected the vulnerability a year ago. They developed a working exploit and used it against Randori customers (with authorization) over the past year. Randori synchronized the disclosure with the PAN. And on Wednesday Palo Alto Networks released an advisory and an update to patch CVE-2021-3064.

CVE-2021-3064 creates overflow in a buffer

Research team also provided a short technical analysis of CVE-2021-3064. It is a buffer overflow that takes place while parsing user-supplied input into a fixed-length location on the stack. To get to the problematic code, attackers would have to use an HTTP smuggling technique, researchers gave an explanation of it. In other ways, it’s not reachable outwardly. HTTP request smuggling is a technique for intervening in the way a web site processes sequences of HTTP requests that are obtained from one or more users.

In addition Randori offered recommendations for Palo Alto customers on how to mitigate the threat:

Observe logs and alerts from the device;

  • Limit origin IPs allowed to connect to services;
  • If you don’t use the GlobalProtect VPN portion of the Palo Alto firewall, put out of action it;
  • Authorize signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to obstruct attacks against this vulnerability;
  • Put in layered controls (such as firewall, WAF, segmentation, access controls);
  • Put out of action any unused features.
  • In case you miss the news we will give a short abstract here. The Moses Staff attack group that has been terrorizing the Israeli organization from September 2021 published the 3D photos of Israeli area. The group politically motivates their actions and calls for potential partners.

    Andrew Nail

    Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people to deal with malware they have on their PCs.

    Recent Posts

    Remove Pbmsoultions.com Pop-up Ads

    About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

    16 hours ago

    Remove Prizestash.com Pop-up Ads

    About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

    16 hours ago

    Remove Verifiedbreaking.com Pop-up Ads

    About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

    16 hours ago

    Remove Themoneyminutes.com Pop-up Ads

    About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

    17 hours ago

    Remove News-xcidizi.com Pop-up Ads

    About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

    20 hours ago

    Remove Everytraffic-flow.com Pop-up Ads

    About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

    20 hours ago