Technology

Palo Alto Network’s Prisma Access Security Update

Lilu Anderson
By Lilu Anderson
Palo Alto Network's Prisma Access Security Update | FinOracle
Photo: Finoracle.net

Critical Security Update for Palo Alto Networks Prisma Access Browser

Palo Alto Networks has recently released a high-severity security update for its Prisma Access Browser, addressing several vulnerabilities linked to the Chromium engine. These vulnerabilities, known under update code PAN-SA-2024-0007, are primarily related to "use after free" errors, type confusion, and insufficient data validation in components like V8, Media Stream, and WebAudio. Such vulnerabilities could allow attackers to execute arbitrary code, compromising the system's confidentiality, integrity, and availability.

Contents
Critical Security Update for Palo Alto Networks Prisma Access BrowserSeverity and ImpactAffected and Unaffected VersionsAdditional Vulnerabilities Across Palo Alto Networks ProductsTimeline of the Update

Severity and Impact

  • Severity: High (CVSSv4.0 Base Score: 8.6)
  • Urgency: Moderate
  • Response Effort: Low
  • Recovery: Automatic
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Active

Affected and Unaffected Versions

The affected versions include all iterations of the Prisma Access Browser below version 126.183.2844.1. In contrast, versions 127.100.2858.4 and later are not affected. Users are strongly encouraged to upgrade to this version or beyond to counteract these vulnerabilities.

Additional Vulnerabilities Across Palo Alto Networks Products

Apart from the Prisma Access Browser, Palo Alto Networks has addressed several other security vulnerabilities:

  • CVE-2024-5914: A command injection flaw in the Cortex XSOAR CommonScripts pack (versions below 1.12.33), which allows unauthenticated attackers to execute arbitrary commands.
  • CVE-2024-5915: A local privilege escalation issue in the GlobalProtect App on Windows (versions below 6.3.1), enabling local users to run programs with elevated privileges.
  • CVE-2024-5916: Cleartext exposure of external system secrets in PAN-OS (versions 11.0 below 11.0.4 and 10.2 below 10.2.8), allowing local administrators to access sensitive information like passwords and tokens.

Timeline of the Update

  • August 14, 2024: Initial publication of the vulnerability advisory.
  • August 15, 2024: Clarification of affected and unaffected versions.

For more detailed information about the specific CVEs addressed, users are encouraged to review the Chromium stable channel updates from July and August 2024. These updates provide insights into the security enhancements integrated into the Prisma Access Browser to guard against potential exploits.

TAGGED:
Share This Article
Lilu Anderson
ByLilu Anderson
Lilu Anderson is a technology writer and analyst with over 12 years of experience in the tech industry. A graduate of Stanford University with a degree in Computer Science, Lilu specializes in emerging technologies, software development, and cybersecurity. Her work has been published in renowned tech publications such as Wired, TechCrunch, and Ars Technica. Lilu’s articles are known for their detailed research, clear articulation, and insightful analysis, making them valuable to readers seeking reliable and up-to-date information on technology trends. She actively stays abreast of the latest advancements and regularly participates in industry conferences and tech meetups. With a strong reputation for expertise, authoritativeness, and trustworthiness, Lilu Anderson continues to deliver high-quality content that helps readers understand and navigate the fast-paced world of technology.

Related Stories

Uncover the stories that related to the post!