The Cybersecurity and Infrastructure Security Agency (CISA) is warning of an active attack targeting a firewall bug. The bug affects certain versions of Palo Alto Networks (PAN) GlobalProtect Portal and GlobalProtect Gateway.
Urgent Recommendations for Protection
CISA recommends taking the following steps immediately to protect against this attack:
1. Upgrade to PAN-OS 8.1.14 or 9.0.8: Administrators should upgrade both the GlobalProtect Gateway and Portal to PAN-OS 8.1.14 or 9.0.8 in order to address the vulnerability.
2. Monitor Traffic: Monitor inbound and outbound traffic for suspicious activity.
3. Apply Restrictive Access: Establish and enforce restrictive user access to the Gateways and Portal.
4. Implement Firewall Rules: Switches and routers should have strict firewall rules in place to block incoming and outgoing traffic on the affected ports.
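To support step 1, the following added example (not part of the CISA guidance or any Palo Alto Networks tooling) triages a device inventory against the two fixed releases named above. It assumes version strings of the form major.minor.patch with an optional -hN hotfix suffix; the hostnames and inventory are constructed, and release trains the recommendations do not mention are reported separately rather than guessed at.

```python
import re

# Fixed releases named in the recommendations above, keyed by release train.
FIXED = {(8, 1): (14, 0), (9, 0): (8, 0)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version):
    """Split 'major.minor.patch[-hN]' into ((major, minor), (patch, hotfix))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    hotfix = int(m.group(4) or 0)
    return (major, minor), (patch, hotfix)


def triage(version):
    """Return 'at_or_above_fix', 'below_fix', 'train_not_listed' or 'unparsed'."""
    try:
        train, level = parse_panos(version)
    except ValueError:
        return "unparsed"
    fixed = FIXED.get(train)
    if fixed is None:
        # Fixes are named for the 8.1 and 9.0 trains only; do not guess for others.
        return "train_not_listed"
    return "at_or_above_fix" if level >= fixed else "below_fix"


def triage_inventory(inventory):
    """Map each (hostname, version) pair to its triage result."""
    return {host: triage(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("gp-portal-01", "8.1.13-h2"),
    ("gp-gw-01", "8.1.14"),
    ("gp-gw-02", "9.0.7"),
    ("gp-gw-03", "9.0.8-h1"),
    ("gp-lab", "9.1.2"),
    ("gp-old", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:14} {status}")
```

Devices reported as train_not_listed or unparsed need a manual check against the vendor advisory, since the recommendations above name fixes for only two release trains.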
What is the Firewall Bug?
The bug in the PAN GlobalProtect Portal and GlobalProtect Gateway is caused by an improper authentication check when processing traffic. This bug can be exploited remotely to allow attackers to access portals and gateways without proper authentication. The exploit enables an attacker to bypass both single-step and two-step authentication processes.
What Information is at Risk?
Organizations using the PAN GlobalProtect Portal and GlobalProtect Gateway are at risk of an attacker gaining access to internal networks and sensitive data. This includes user authentication credentials, personal data, and confidential business information.
Are There Known Attackers?
CISA has not identified any known attackers exploiting this vulnerability at this time.
Call to Action
Organizations using the PAN GlobalProtect Portal and GlobalProtect Gateway should take the steps outlined by CISA to protect themselves immediately.