Palo Alto Networks Firewalls Vulnerable to Remote Code Execution

A vulnerability in Palo Alto Networks firewall products running PAN-OS could allow a threat actor to remotely execute code with root privileges. The vulnerability, dubbed CVE-2017-15944, affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.5 and earlier. Networks are vulnerable to attack only if their web management interface is left exposed to the internet. A search on Shodan returned results indicating 46 Palo Alto firewalls in New Jersey are vulnerable. Palo Alto has released updates for this vulnerability, as well as fixes for four other flaws [123,4]. The NJCCIC recommends users and administrators of Palo Alto firewall products apply the most recent updates as soon as possible. We also recommend limiting the access of Palo Alto firewall’s web management interface to the local area network (LAN) only.