Cybersecurity

7566 readers

125 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Palo Alto warns firewalls flaws are under active attack (go.theregister.com)

submitted 3 months ago by [email protected] to c/cybersecurity

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 3 months ago (1 children)

However, keeping the management console away from public access isn't a foolproof solution. Palo Alto warns that even if you've limited access to the console to a restricted set of internal IP addresses, unpatched systems remain vulnerable, although the risk was "greatly reduced."

Exposing management consoles to the internet is a known risk. Security vendors strongly advise against it unless absolutely necessary, though it remains a "challenge" for some, as one vendor politely told us. Some admins expose the consoles to the public internet as it eases remote management chores, and hope security through obscurity protects them

PAN declined to specify how many customers are affected, but historically, most users keep their management interfaces private. Still, even those with restricted access must patch to stay secure.

I am sort of assuming that stuff about "greatly reduced" means, if an attacker can get into one of the systems on your network, there's about a 90% chance that they can then access the management port on the router from the "friendlies" side of it, and with access to the router they can greatly increase their invasiveness if they are a motivated attacker.

[–] [email protected] 1 points 3 months ago (1 children)

PAN already had a vuln not long ago that affected the mgt port access. If it’s still exposed then you have bigger issues.

[–] [email protected] 2 points 3 months ago

Oh... that might explain it too. They mentioned a few different vulnerabilities combining together in nasty ways. That would certainly qualify.