Palo Alto Networks (Expedition, PAN-OS, Cloud NGFW, Prisma Access, Cortex XDR Agent) Family July 2024 Security Update Advisory
Overview
Palo Alto Networks (https://www.paloaltonetworks.com/) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Expedition version prior to 1.2.92
PAN-OS, Cloud NGFW, Prisma Access prior to 10.2.4 on Panorama version
PAN-OS, Cloud NGFW, Prisma Access prior to 10.1.9 on Panorama version
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent version prior to 8.2.2
Cortex XDR Agent version prior to 7.9.102-CE
PAN-OS, Cloud NGFW, Prisma Access None
PAN-OS, Cloud NGFW, Prisma Access version prior to 11.2.1
PAN-OS, Cloud NGFW, Prisma Access version prior to 11.1.4
PAN-OS, Cloud NGFW, Prisma Access version prior to 11.0.5
PAN-OS, Cloud NGFW, Prisma Access version prior to 10.2.10
PAN-OS, Cloud NGFW, Prisma Access version prior to 10.1.14-h2
PAN-OS, Cloud NGFW, Prisma Access None
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access None
PAN-OS, Cloud NGFW, Prisma Access version prior to 11.1.3
PAN-OS, Cloud NGFW, Prisma Access version prior to 11.0.4-h4
PAN-OS, Cloud NGFW, Prisma Access version prior to 10.2.10
PAN-OS, Cloud NGFW, Prisma Access version prior to 10.1.14
PAN-OS, Cloud NGFW, Prisma Access version prior to 9.1.19
PAN-OS, Cloud NGFW, Prisma Access None
Resolved Vulnerabilities
Vulnerability in Palo Alto Networks Expedition due to missing authentication for a critical function, which allows an attacker with network access to Expedition to take over the Expedition administrator account (CVE-2024-5910, CVSS 9.3) [1]
Arbitrary file upload vulnerability in Palo Alto Networks Panorama software in PAN-OS, Cloud NGFW, and Prisma Access could allow an authenticated read-write administrator with access to the web interface to crash system processes and cause Panorama to crash (CVE-2024-5911, CVSS 7) [2]
A flaw in file signature checking in Cortex XDR Agent could allow an attacker to bypass the executable blocking feature of Cortex XDR Agent and execute an untrusted executable on the device (CVE-2024-5912, CVSS 6.8) [3]
Improper input validation vulnerability in Palo Alto Networks PAN-OS software in PAN-OS, Cloud NGFW, and Prisma Access could allow an attacker with the ability to tamper with the physical file system to escalate privileges (CVE-2024-5913, CVSS 5.4) [4]
Vulnerability in PAN-OS, Cloud NGFW, and Prisma Access that allows the RADIUS server to bypass authentication and elevate privileges to ‘superuser’ when RADIUS authentication is enabled and CHAP or PAP is selected in the RADIUS server profile (CVE-2024-3596, CVSS 5.3) [5]
Vulnerability Patches
With the 07/10/2024 update, the following product-specific Vulnerability Patches were provided.
Expedition 1.2.92 and later versions
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access 10.2.4 on Panorama and later versions
PAN-OS, Cloud NGFW, Prisma Access 10.1.9 on Panorama and later versions
PAN-OS, Cloud NGFW, Prisma Access All
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent 8.2.2 and later versions
Cortex XDR Agent 7.9.102-CE and later versions
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access 11.2.1 and later versions
PAN-OS, Cloud NGFW, Prisma Access 11.1.4 and later versions
PAN-OS, Cloud NGFW, Prisma Access 11.0.5 and later versions
PAN-OS, Cloud NGFW, Prisma Access 10.2.10 and later versions
PAN-OS, Cloud NGFW, Prisma Access 10.1.14-h2 and later versions
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access None (Fix ETA: July 30)
PAN-OS, Cloud NGFW, Prisma Access All
PAN-OS, Cloud NGFW, Prisma Access 11.1.3 and later versions
PAN-OS, Cloud NGFW, Prisma Access 11.0.4-h4 and later versions
PAN-OS, Cloud NGFW, Prisma Access 10.2.10 and later versions
PAN-OS, Cloud NGFW, Prisma Access 10.1.14 and later versions
PAN-OS, Cloud NGFW, Prisma Access 9.1.19 and later versions
PAN-OS, Cloud NGFW, Prisma Access All
Referenced Sites
[1] Expedition: Missing Authentication Leads to Admin Account Takeover
https://security.paloaltonetworks.com/CVE-2024-5910
[2] PAN-OS: File Upload Vulnerability in the Panorama Web Interface
https://security.paloaltonetworks.com/CVE-2024-5911
[3] Cortex XDR Agent: Improper File Signature Verification Checks
https://security.paloaltonetworks.com/CVE-2024-5912
[4] PAN-OS: Improper Input Validation Vulnerability in PAN-OS
https://security.paloaltonetworks.com/CVE-2024-5913
[5] PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation