Palo Alto Networks (PAN-OS, Cloud NGFW, Prisma Access, Prisma Access Browser, GlobalProtect App, ActiveMQ Content Pack, Cortex XDR Agent) Family September 2024 Security Update Advisory
Overview
Palo Alto Networks (https://www.paloaltonetworks.com/) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
PAN-OS,Cloud NGFW,Prisma Access 11.2.2
Prisma Access Browser 128.91.2869.7 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.2.9 on PAN-OS previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 11.0.1 on PAN-OS previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.2.4 on PAN-OS previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.1.9 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.0.12 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 9.1.16 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 9.0.17 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 8.1.25 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 6.2.1 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 6.1.2 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 6.0.7 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 5.2.13 previous version
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 5.1.12 previous version
PAN-OS,Cloud NGFW,Prisma Access 10.1.1 previous version
PAN-OS,Cloud NGFW,Prisma Access 10.0.10 previous version
PAN-OS,Cloud NGFW,Prisma Access 9.1.15 previous version
ActiveMQ Content Pack 1.1.15 previous version
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent None
Cortex XDR Agent All
PAN-OS,Cloud NGFW,Prisma Access 10.1.11 previous version
PAN-OS,Cloud NGFW,Prisma Access 9.1.17 previous version
Resolved Vulnerabilities
Command injection vulnerability in PAN-OS, Cloud NGFW, and Prisma Access allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as root on the firewall. (CVE-2024-8686, CVSS 8.6) [1]
An information disclosure vulnerability exists in Palo Alto Networks PAN-OS software (CVE-2024-8687, CVSS 6.9) [3]
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI). This could allow an authenticated administrator with access to the CLI (including read-only administrators) to read arbitrary files from the firewall. (CVE-2024-8688, CVSS 6.7) [4]
An issue with ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM in the ActiveMQ Content Pack could allow configured ActiveMQ credentials in the log bundle to be exposed in plain text. (CVE-2024-8689, CVSS 6) [5]
Vulnerability in Cortex XDR Agent that could allow a user with Windows administrator privileges to disable the agent. (CVE-2024-8690, CVSS 5.6) [6]
Vulnerability in PAN-OS, Cloud NGFW, and Prisma Access that could allow a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. (CVE-2024-8691, CVSS 5.3) [7]
Vulnerability Patches
With the 09/11/2024 update, the following product-specific vulnerability patches were made available:
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access 11.2.3 or later versions
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
Prisma Access Browser 128.138.2888.2 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.2.9 on PAN-OS or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access All
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access All
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 11.0.1 or later versions
PAN-OS, GlobalProtect App, Cloud NGFW, Prisma Access 10.2.4 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.1.9 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 10.0.12 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 9.1.16 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 9.0.17 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 8.1.25 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access All
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 6.2.1 or later versions
PAN-OS, GlobalProtect App, Cloud NGFW, Prisma Access 6.1.2 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 6.0.7 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 5.2.13 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access 5.1.12 or later versions
PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access 10.1.1 or later versions
PAN-OS,Cloud NGFW,Prisma Access 10.0.10 or later versions
PAN-OS,Cloud NGFW,Prisma Access 9.1.15 or later versions
PAN-OS,Cloud NGFW,Prisma Access All
ActiveMQ Content Pack 1.1.15 or later versions
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent All
Cortex XDR Agent None
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access All
PAN-OS,Cloud NGFW,Prisma Access 10.1.11 or later versions
PAN-OS,Cloud NGFW,Prisma Access 9.1.17 or later versions
PAN-OS,Cloud NGFW,Prisma Access All
Referenced Sites
[1] PAN-OS: Command Injection Vulnerability
https://security.paloaltonetworks.com/CVE-2024-8686
[2] Prisma Access Browser: Monthly Vulnerability Updates
https://security.paloaltonetworks.com/PAN-SA-2024-0009
[3] PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
https://security.paloaltonetworks.com/CVE-2024-8687
[4] PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
https://security.paloaltonetworks.com/CVE-2024-8688
[5] ActiveMQ Content Pack: Cleartext Exposure of Credentials
https://security.paloaltonetworks.com/CVE-2024-8689
[6] Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
https://security.paloaltonetworks.com/CVE-2024-8690
[7] PAN-OS: User Impersonation in GlobalProtect Portal