A significant vulnerability has been disclosed in Palo Alto Networks' PAN-OS; the issue does not affect the company's Cloud NGFW or Prisma Access software.
GreyNoise reported that exploitation of the vulnerability began on Tuesday of this week. The following day, Assetnote published research detailing the flaw, and Palo Alto Networks issued an official advisory the same day.
The ‘Weird Path-Processing Behavior’
According to Assetnote, the vulnerability stems from an unusual path-processing behavior in the Apache HTTP Server component of PAN-OS. Together with Nginx, Apache handles the web requests directed at the PAN-OS management interface. A request first reaches the Nginx reverse proxy; if it arrived on a port that marks it as destined for the management interface, PAN-OS assigns several headers, the most critical being X-pan-AuthCheck. Nginx then performs various checks on the location and may, under specific conditions, disable the authentication check. The request is then forwarded to Apache, which re-normalizes and further processes it, potentially applying a rewrite rule.
The crux of the problem is how Apache and Nginx each handle path information and headers. If their interpretations diverge before the request is handed to PHP, an attacker can exploit the discrepancy, potentially bypassing the required authentication.
Assetnote emphasizes that this issue reflects a widespread architectural flaw: authentication checks are applied at the proxy layer, yet the request then passes through another layer with different handling characteristics. “Fundamentally,” the research states, “these architectures result in header smuggling and path confusion, leading to numerous significant vulnerabilities.”
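A simplified model of the two-layer handling described above, added here as an illustration and not code from PAN-OS, Assetnote or the original article: the proxy decides the auth-check flag on the raw path, the backend routes on a normalized path, and the hardened backend re-derives the decision from the path it actually routes on. The prefixes, the header name and the handler results are constructed assumptions.

```python
from posixpath import normpath

# Constructed model of a proxy + backend front end. Prefixes and the
# header name are hypothetical, not PAN-OS's real routing rules.
PUBLIC_PREFIX = "/public/"      # proxy exempts this prefix from auth
PROTECTED_PREFIX = "/admin/"    # backend routes this to privileged handlers


def proxy_layer(raw_path: str) -> dict:
    """Proxy decides the auth flag on the *raw* path and forwards a header."""
    authcheck = "off" if raw_path.startswith(PUBLIC_PREFIX) else "on"
    return {"path": raw_path, "X-Auth-Check": authcheck}  # hypothetical header


def backend_normalize(path: str) -> str:
    """Backend collapses dot-segments before routing, as an Apache-style
    re-normalization would; the proxy never saw this form of the path."""
    return normpath(path)


def backend_vulnerable(req: dict, authenticated: bool) -> str:
    """Trusts the proxy's flag, then routes on a different (normalized) path."""
    path = backend_normalize(req["path"])
    if req["X-Auth-Check"] == "on" and not authenticated:
        return "401"
    return "admin-ok" if path.startswith(PROTECTED_PREFIX) else "public-ok"


def backend_hardened(req: dict, authenticated: bool) -> str:
    """Re-derives the auth decision from the canonical path it routes on,
    so the proxy's flag is advisory at most and cannot widen access."""
    path = backend_normalize(req["path"])
    needs_auth = not path.startswith(PUBLIC_PREFIX)
    if needs_auth and not authenticated:
        return "401"
    return "admin-ok" if path.startswith(PROTECTED_PREFIX) else "public-ok"


def layers_disagree(raw_path: str) -> bool:
    """Detection aid: a request whose raw and normalized paths differ is
    exactly the kind the two layers may interpret differently."""
    return backend_normalize(raw_path) != raw_path
```

Logging every request for which `layers_disagree` returns true gives a cheap signal for path-confusion attempts against any proxy-plus-backend stack, independent of the specific product.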
Source: www.networkworld.com