zero-day vulnerability in Palo Alto firewalls exploited in the wild

Captions
Imagine with me for a second that you're someone who wants to design a network, and you want to build this network in a way that prevents hackers from getting in. Can your firewall get hacked? In this video we're going to talk about a recent vulnerability that just got dropped regarding Palo Alto's PAN-OS, or Palo Alto Networks OS, that's on their firewall line, that allows arbitrary remote users to exploit the firewall and get code execution on the firewall. Also, if you're new here, hi, my name is Low Level Learning. I make videos about software security and programming in general, so if you like that stuff or want to hang out with me, hit that sub button; I really appreciate it. Also, a new addition to this video: I'm going to have a "would Rust have fixed this" meter to see if the vulnerabilities that are coming out nowadays would have been fixed by a memory-safe language, so at the end of this video we'll kind of break down why or why not Rust could have fixed this. So stick around for that.

So if you're not aware of what Palo Alto is, Palo Alto is a company in California that does a bunch of cybersecurity-technology-related stuff. In particular they do primarily two functions: they do threat intelligence, where they will produce reports and inform people when major hacks are happening via the sensors they have around the world, but more importantly for this video, they make firewalls, right? So to run the firewalls they have this thing called PAN-OS, or Palo Alto Networks OS, and it's software that runs on the firewall. So this bug is CVE-2024-3400, and it's rated a 10 out of 10, and I think personally this is a proper 10 out of 10, as opposed to the Rust video that I did a couple days ago, and we'll link that up here in the cards. But yes, let's talk about what this bug actually is and why it's a pretty big deal, and I think it is a way of getting people to kind of reframe how they think about it, right?

So: "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks' PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall." So if you just read that, it's like, oh my God, not only is it running code with root privileges on the firewall, it's a command injection vulnerability. So typically when you have exploits, right, they're really difficult to run and to do correctly, because, you know, you have to write the exploit in a certain way, you have to get all the offsets correct, you have to know where your payload lives to do the proper memory exploitation. When a command injection bug exists, there's no logic you have to bypass, there's no magical things you have to say in the right order to make the bug happen. It just happens. You can arbitrarily run commands, and again, when it happens as root, that is even worse.

"Fixes for PAN-OS 10.2 and 11 are in development and are expected to release on April 14, 2024." And I think it'd be unethical of me if I didn't talk about the workaround for this. So if you are currently using one of the above versions that is affected, please read this and listen to me, and it's going to tell you how you can actually turn off the vulnerability, which also kind of alludes to where the vulnerability potentially is. "If you are unable to apply the threat-protection-based mitigation at this time" (so they have published a signature that will flag the attack, so you can install that right now on your firewall) "you can still mitigate the impact of the vulnerability by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version. Once upgraded, device telemetry should be re-enabled on the device." Right, so basically they're telling you, hey, if you can't add the signature, turn off this one feature, and then once the upgrade happens, turn that feature back on, which kind of alludes to, like, hey, the bug is likely in something about the way the firewall collects telemetry back to Palo Alto, which isn't that great.

This is kind of where I think people need to remember, like, if you have a network and you want to protect it, obviously install a firewall, put the firewall in place, make sure it's got all the right rules set up, and it's set up in a way that it routes the traffic and filters traffic and does IDS and IPS the way you want it to. The thing is, just like we had a talk before about how the kernel is just code, firewalls are just code too. There is just software on the firewall, written by humans, that is meant to inspect your data and do flagging and analysis on that data. If the code that runs the firewall is vulnerable to certain kinds of exploits, then the firewall is as much of a threat as the clients in the network. I think it's really interesting to think about that, because I think oftentimes it's an overlooked piece of it, personally. So all because you put a firewall on the network, make sure it's a good firewall, make sure it's a firewall that actually matters. And I'm not saying that Palo Alto makes bad stuff; Palo Alto is actually notoriously one of the best companies for the best firewalls. It's just to highlight that, you know, everyone makes mistakes, and sometimes, you know, there are vulnerabilities in firewalls, and that's okay.

Now, drum roll: would Rust have fixed this vulnerability? So in the case of a lot of exploits the answer is often yes. In this case, no. A command injection vulnerability would not have been fixed by Rust, right? So what's typically happening here is they have some input from the user; that input from the user is going into a system call, literally the function system() or maybe popen(), and something about the input, that data, was not sanitized by the programmer, so you can put arbitrary data in there. If they had implemented the same logic they have here in Rust, Rust would not have fixed this. Unfortunately, there's actually a 10 out of 10 vulnerability found in Rust that, unlike this bug, I don't think justified a 10 out of 10. So if you like this video, please hit like, hit subscribe, and then go check out this video about that bug. We'll see you guys over there.
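
An added example, not from the video and not Palo Alto code, showing the closing point in Rust: the same logic of splicing user input into a shell command line is just as injectable in a memory-safe language, while passing the value as its own argv element after an allowlist check is not. The `ping-target` command, the hostname field and the input string are constructed for illustration; a POSIX `sh` and `echo` are assumed to be on PATH.

```rust
use std::process::Command;

// Vulnerable pattern (the bug class described above): attacker-controlled text is
// spliced into a command line that is handed to a shell. The shell, not Rust, parses
// it, so a ';' in the input starts a second command. Memory safety is irrelevant here.
fn run_via_shell(hostname: &str) -> String {
    let cmd = format!("echo ping-target {}", hostname);
    let out = Command::new("sh").arg("-c").arg(&cmd).output().expect("sh not found");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

// Allowlist check: only characters that can legally appear in a hostname.
fn is_valid_hostname(s: &str) -> bool {
    !s.is_empty()
        && s.len() <= 253
        && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.')
}

// Hardened pattern: validate first, then pass the value as a separate argv element so
// no shell ever interprets it. This discipline is what the language cannot supply.
fn run_as_argument(hostname: &str) -> Result<String, String> {
    if !is_valid_hostname(hostname) {
        return Err(format!("rejected hostname {:?}", hostname));
    }
    let out = Command::new("echo")
        .arg("ping-target")
        .arg(hostname)
        .output()
        .expect("echo not found");
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

fn main() {
    // Constructed input: a plausible hostname followed by a second shell command.
    let hostile = "example.test; echo INJECTED";
    print!("{}", run_via_shell(hostile)); // two lines of output: the second command ran
    println!("{:?}", run_as_argument(hostile)); // Err(...): rejected before any exec
    print!("{}", run_as_argument("example.test").unwrap()); // ping-target example.test
}
```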
Info
Channel: Low Level Learning
Views: 112,446
Rating: undefined out of 5
Keywords: apple, apple m1, m1 bug, cpu bug, hackers, vulnerability, cache
Id: iZ2tUmAkFV0
Channel Id: undefined
Length: 5min 23sec (323 seconds)
Published: Fri Apr 12 2024