Written by Sean Lyngaas
Cyber ââsecurity researchers on Wednesday revealed four new vulnerabilities in enterprise software used by thousands of companies around the world that, if exploited, could be used to steal data over internal networks.
The PAN operating system (PAN-OS) bugs created by Palo Alto Networks add to a growing list of vulnerabilities in widely used enterprise software that researchers discovered in 2020. Some of these vulnerabilities, such as a loopholes in software created by Citrix, have been used in spy operations and other hacking operations.
In the case of the PAN-OS flaws, discovered by security firm Positive Technologies, CyberScoop has not seen any evidence that hackers have successfully exploited them. Palo Alto Networks has released fixes for all vulnerabilities and has asked customers to apply them.
One of the most critical vulnerabilities could allow a hacker who first enters the management interface of the software to implant malicious code into the operating system and gain “maximum privileges” on the system. , according to researchers at Positive Technologies. Another bug could allow a hacker to seize the software by tricking an administrator into clicking a malicious link.
Exploitation of these flaws requires accessing the PAN-OS software’s “administration panel”, a kind of skeleton key for corporate software. Many organizations host this panel on their internal networks. However, some organizations make it accessible from the outside, thereby increasing their security risk, said Mikhail Klyuchnikov, positive technologies researcher.
The series of vulnerabilities found in enterprise software this year have sparked warnings from U.S. government agencies and left some analysts wondering if there is an underlying problem with coding practices in the industry. And concerns about software flaws have only been exacerbated by the increased reliance of businesses on telecommuting during the coronavirus pandemic.
In July, the Department of Homeland Security and the US Cyber ââCommand urged organizations to update their software to address another PAN-OS vulnerability. Cyber ââCommand then said that hackers linked to foreign governments would soon try to exploit the vulnerability. That same month, researchers discovered a vulnerability in software giant SAP’s applications that they say has affected up to 40,000 SAP customers.