Malware Devil

Loading...

Friday, August 14, 2020

ESB-2020.2804.2 – UPDATE [Appliance] PAN-OS: No impact expected 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2804.2
        PAN-SA-2020-0008 BootHole Vulnerability Impact on Palo Alto
                         Networks PAN-OS Software
                              14 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PAN-OS
Publisher:         Palo Alto
Operating System:  Network Appliance
Resolution:        None
CVE Names:         CVE-2020-15707 CVE-2020-15706 CVE-2020-15705
                   CVE-2020-14311 CVE-2020-14310 CVE-2020-14309
                   CVE-2020-14308 CVE-2020-10713 

Reference:         ASB-2020.0136
                   ASB-2020.0135
                   ESB-2020.2589.2

Original Bulletin: 
   https://securityadvisories.paloaltonetworks.com/PAN-SA-2020-0008

Comment: In summary, Palo Alto advise that BootHole has no effect on their
         appliances running PAN-OS under normal conditions.
         
         It could be an issue if an attacker gained root access.

Revision History:  August 14 2020: Corrected title to reflect security impact
                   August 14 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Palo Alto Networks Security Advisories / PAN-SA-2020-0008

PAN-SA-2020-0008 Informational: BootHole Vulnerability Impact on Palo Alto
Networks PAN-OS Software

047910
Severity 0 . NONE
Attack Vector LOCAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE
JSON     
Published 2020-08-12
Updated 2020-08-12
Reference
Discovered externally

Description

Palo Alto Networks is aware of the vulnerability known as BootHole
(CVE-2020-10713) that affects the Grand Unified Bootloader (GRUB) used in Palo
Alto Networks PAN-OS software.

BootHole is a buffer overflow vulnerability that occurs in GRUB2 when parsing
an attacker-controlled grub.cfg file. This vulnerability enables arbitrary code
execution within the boot environment, which allows persistent control of the
system.

It is not possible for malicious actors or PAN-OS administrators to exploit
this vulnerability under normal conditions. Administrators do not have access
to the grub configuration file nor do they have permission to modify it. An
attacker would need to first compromise the system and then get the root Linux
privileges necessary to perform these actions before they could exploit this
vulnerability. The BootHole vulnerability itself does not allow an attacker to
compromise PAN-OS software.

Palo Alto Networks is not aware of any malicious exploitation of this
vulnerability.

The Palo Alto Networks Product Security Assurance team evaluated this potential
vulnerability and determined that the scenarios required for successful
exploitation of the BootHole vulnerability do not exist on PAN-OS software
under normal conditions.

     CVE       CVSS                           Summary
                    Conditions required for exploiting this vulnerability do
CVE-2020-14308      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-14309      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-14310      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-14311      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-15706      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-15707      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-10713      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.
                    Conditions required for exploiting this vulnerability do
CVE-2020-15705      not exist in PAN-OS software. Hence PAN-OS software is not
                    impacted.

Product Status

PAN-OS

Versions Affected Unaffected
- -                 all

Required Configuration for Exposure

This vulnerability is exploitable only when an attacker already compromised the
PAN-OS software and gained root Linux privileges on the system. This is not
possible under normal conditions.

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N)

Weakness Type

CWE-120 Buffer Overflow

Solution

Palo Alto Networks is working on a fix for the BootHole vulnerability that will
prevent an attacker with root privileges from being able to exploit it. The
workarounds provided can help mitigate the risk of this issue until that fix is
released. There are currently no PAN-OS updates available for this issue.

Workarounds and Mitigations

This vulnerability requires an attacker to compromise PAN-OS software before
they can successfully exploit it. The risk of exploitation on PAN-OS software
is reduced by upgrading your appliances to the latest versions.

This issue impacts the PAN-OS management interface but you can additionally
mitigate the impact of this issue by following best practices for securing the
PAN-OS management interface. Please review the Best Practices for Securing
Administrative Access on the PAN-OS technical documentation website at https://
docs.paloaltonetworks.com/best-practices.

Timeline

2020-08-12 Initial publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXzYLdeNLKJtyKPYoAQg4kQ//TKHFsMXoWZIJyM6RS5PbtEg2g6GjkzSr
w4RwKlHKrMp7fT8Owt1LiF4sBFEc++zS27MgreMc5i6nXjj3XKVIf/h2+r3AjdhJ
pQpUa5jgilViZcHRcUv23SaHi+Dtxa6ix4jauaqtpPPaEtKql6LVJ9rnbrTta7tk
4mbR0MhMGKH0Gf0EiNmmT6qP7d/NUS2RJ3CmYgGnn7VG7O+O3/78T36/FlnDKwLz
+IzaeaUIgBCUz+lld48v7XrzY4rVb1u07A4XeXe4dAwZE/cB1Vh+4jwmTygK+TAg
iRKlCmBUhUVuMSpdqDWmmPsPSOnfwSczzMd7rDzmV1mGBSJE0xIXWYdgqOTSexUz
aE1QkUxydyr1kWhA5PL9NFIOihT9CeCi3y3IroWDUGivBEwJ1wgrkEyOuwKhDKil
9DLVsPBnvoriq5cCcAXqRAzlcbcGENxq7g0FQOyVJb5qj7EKQCcVx0diG1P2jscv
/of8muodGAgcj/P9rD7UfOEgu4sYfBMf4AdyjohPKOnJ6DBlcsykROBoUPh9tdgu
ITI5Uc5voER1QPoOjjIBN+hFw9P9gUZSN8rvQdlHk9xie3vO/UNDDavR3YI8bK8t
JIWOk+gVEEIpU7QzJTt+UouFKJWWwsr3iaWpE3d6mSvp1O2U4m6+epByRINQN0LX
vDmU+GFgIrU=
=uN+X
-----END PGP SIGNATURE-----

Read More



https://www.malwaredevil.com/2020/08/14/esb-2020-2804-2-update-appliance-pan-os-no-impact-expected/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2804-2-update-appliance-pan-os-no-impact-expected
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...