Skip to content

Palo Alto Networks addresses the Blast-RADIUS vulnerability disclosure

  • by
  • 2 min read

Palo Alto Networks has released patches for multiple security vulnerabilities, including the critical Blast-RADIUS vulnerability in its Expedition and Panorama tools. Its PAN-OS firewalls have also been patched to prevent exploiting a Blast-RADIUS attack. However, the cybersecurity firm hasn’t seen any evidence of Blast-RADIUS being exploited in the wild.

The highest-priority fix was delivered to the Expedition tool, which suffered from missing authentication for a critical function vulnerability tracked as CVE-2024-5910, which has a critical CVSS score of 9.3. If exploited, the vulnerability allows an attacker with network access to the tool to take over an Expedition admin account. The bug was present in all versions before 1.2.92.

Another high-severity vulnerability was fixed in the Panorama software that could lead to Denial-of-Service (DoS) attacks if exploited. The bug, tracked as CVE-2024-5911 and rated at CVSS 7, requires an attacker to be authenticated to the tool’s web interface as a read-write administrator, so the risk of exploitation isn’t as high. Contrary to the aforementioned CVE-2024-5910 vulnerability, Yasukazu Miyashita found this issue internally during an internal security review.

The Blast-RADIUS attack also affected several of Palo Alto’s offerings, including all Prisma Access versions. The company addressed the vulnerability by issuing patches for respective programs. Its PAN-OS firewall uses CHAP and PAP protocols, which work without Transport Layer Security (TLS) and hence are vulnerable to man-in-the-middle (MITM) attacks such as Blast-RADIUS.

“This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile,” reads the advisory issued by Palo Alto.

The advisory also pointed out that firewalls configured with EAP-TTLS with PAP are not vulnerable to the attack. While there’s no evidence of in-the-wild exploitation, the company is aware of the proof-of-concept code demonstrating how to exploit the issue.

In the News: Google Photos users can now transfer collections to iCloud Photos

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>