From theregister.co.uk
Palo Alto Networks gateway apps vulnerable to hijacking
If you’re using Palo Alto Network’s GlobalProtect Portal or Gateway, ensure you’re using the latest version of the software. The biz quietlyissued a maintenance update to close a security hole – a trivial string formatting vulnerability no less – that can be potentially exploited by miscreants to hijack installations of the code over the network or internet.
This is a pre-authentication remote-code execution flaw, and it’s present in software that’s typically used on public-facing Palo-Alto-powered firewalls and VPN-based gateways into corporate networks. Thus, the whole situation is un-good: it could be leveraged to infiltrate organisations.