https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39029#M28609 <HTML><HEAD></HEAD><BODY><P>But that doesnt matter.</P><P></P><P>The firewall (specially if its a modern NGFW from the 21th century) should be able to protect itself.</P><P></P><P>That is force authentication before you can do anything remotely close to management of the device.</P><P></P><P>That is default deny which all PA slides talk about regarding PA's security policy.</P><P></P><P>Would be great if a PA representative could add some info in this thread regarding why 46728 doesnt show up on the <A href="http://securityadvisories.paloaltonetworks.com/" title="http://securityadvisories.paloaltonetworks.com/">Submit Form</A> list?</P><P></P><P>This security hole is as bad as the backdoor in DLINK equipment described in:</P><P></P><P><A class="jive-link-external-small" href="http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf">http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf</A></P><P></P><P>Or for that matter the nice backdoor into TP-LINK equipment:</P><P></P><P><A href="http://sekurak.pl/tp-link-httptftp-backdoor/" title="http://sekurak.pl/tp-link-httptftp-backdoor/">http://sekurak.pl/tp-link-httptftp-backdoor/</A></P><P></P><P><A href="http://sekurak.pl/more-information-about-tp-link-backdoor/" title="http://sekurak.pl/more-information-about-tp-link-backdoor/"> More information about TP-Link backdoor</A></P></BODY></HTML> Sat, 13 Apr 2013 08:17:48 GMT mikand 2013-04-13T08:17:48Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39024#M28604 <HTML><HEAD></HEAD><BODY><P>I noticed that in the release notes for PANOS 5.0.4, there was a reasonably serious security issue pointed out:</P><P data-canvas-width="44.64" data-font-name="g_font_p0_1" dir="ltr" style="font-size: 16px; font-family: serif;"></P><UL><LI>46728 -&nbsp; A Tech Support file generated on the firewall could be <SPAN class="highlight selected">downloaded</SPAN> without the admin being prompted for user authentication. The issue is now fixed.</LI></UL><P></P><P>To me this is kind of a big deal... being able to download the equivalent of a 'show tech' could reveal at the very least the entire firewall's configuration, right?</P><P></P><P>That's what led me to creating this thread... does PA issue security advisories for their products? I wouldn't have even noticed this issue existed or was fixed in 5.0.4 if I hadn't pulled down and read the release notes.</P></BODY></HTML> Fri, 12 Apr 2013 20:25:35 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39024#M28604 ericgearhart 2013-04-12T20:25:35Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39025#M28605 <HTML><HEAD></HEAD><BODY><P>Yes, you can find them here: <A href="http://securityadvisories.paloaltonetworks.com">http://securityadvisories.paloaltonetworks.com</A></P><P></P><P>It would probably be best to consult your local Palo Alto SE about that ticket and the details. </P></BODY></HTML> Fri, 12 Apr 2013 20:48:55 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39025#M28605 mharding 2013-04-12T20:48:55Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39026#M28606 <HTML><HEAD></HEAD><BODY><P>The interesting thing is that 46728 isn't listed at <A href="http://securityadvisories.paloaltonetworks.com/" title="http://securityadvisories.paloaltonetworks.com/">http://securityadvisories.paloaltonetworks.com/</A> ...</P></BODY></HTML> Fri, 12 Apr 2013 20:55:50 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39026#M28606 ericgearhart 2013-04-12T20:55:50Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39027#M28607 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote" modifiedtitle="true"> <P>umphmharding wrote:</P> <P></P> <P>It would probably be best to consult your local Palo Alto SE about that ticket and the details.</P> </PRE><P></P><P>I can see the details myself!</P><P></P><P><SPAN>If I do a 'wget </SPAN><A class="jive-link-external-small" href="https://my-PA-firewall/device/export.file.php">https://my-PA-firewall/device/export.file.php</A><SPAN>' I can pull a generated tech support file without being authenticated!</SPAN></P></BODY></HTML> Fri, 12 Apr 2013 21:25:03 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39027#M28607 ericgearhart 2013-04-12T21:25:03Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39028#M28608 <HTML><HEAD></HEAD><BODY><P>It is an issue, and it was fixed, but best practice is to lock down your management interface to a few select IP addresses belonging to your administrators. </P></BODY></HTML> Sat, 13 Apr 2013 00:37:58 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39028#M28608 mharding 2013-04-13T00:37:58Z https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39029#M28609 <HTML><HEAD></HEAD><BODY><P>But that doesnt matter.</P><P></P><P>The firewall (specially if its a modern NGFW from the 21th century) should be able to protect itself.</P><P></P><P>That is force authentication before you can do anything remotely close to management of the device.</P><P></P><P>That is default deny which all PA slides talk about regarding PA's security policy.</P><P></P><P>Would be great if a PA representative could add some info in this thread regarding why 46728 doesnt show up on the <A href="http://securityadvisories.paloaltonetworks.com/" title="http://securityadvisories.paloaltonetworks.com/">Submit Form</A> list?</P><P></P><P>This security hole is as bad as the backdoor in DLINK equipment described in:</P><P></P><P><A class="jive-link-external-small" href="http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf">http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf</A></P><P></P><P>Or for that matter the nice backdoor into TP-LINK equipment:</P><P></P><P><A href="http://sekurak.pl/tp-link-httptftp-backdoor/" title="http://sekurak.pl/tp-link-httptftp-backdoor/">http://sekurak.pl/tp-link-httptftp-backdoor/</A></P><P></P><P><A href="http://sekurak.pl/more-information-about-tp-link-backdoor/" title="http://sekurak.pl/more-information-about-tp-link-backdoor/"> More information about TP-Link backdoor</A></P></BODY></HTML> Sat, 13 Apr 2013 08:17:48 GMT https://live.paloaltonetworks.com/t5/general-topics/does-palo-alto-issue-security-advisories-for-security-related/m-p/39029#M28609 mikand 2013-04-13T08:17:48Z