Palo Alto Networks gateway apps vulnerable to hijacking
If you’re using Palo Alto Network’s GlobalProtect Portal or Gateway, ensure you’re using the latest version of the software. The biz quietlyissued a maintenance update to close a security hole – a trivial string formatting vulnerability no less – that can be potentially exploited by miscreants to hijack installations of the code over the network or internet.
This is a pre-authentication remote-code execution flaw, and it’s present in software that’s typically used on public-facing Palo-Alto-powered firewalls and VPN-based gateways into corporate networks. Thus, the whole situation is un-good: it could be leveraged to infiltrate organisations.