Palo Alto Networks Security Advisory (PAN-SA-2015-0006)
Posted: 26/10/2015
API key automatic revocation
Summary
An issue has been identified in PAN-OS that prevents old management API keys from being invalidated upon password change until the device is rebooted. This creates a window in which an administrator has changed the account password (which generates a new API key) while the old API key remains valid until the device is rebooted.
Severity: Medium
This issue affects the management interface of the device. Network security best practices suggest administering security devices from an out-of-band network, reducing the exposed attack surface.
Products Affected
PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7
Available Updates
PAN-OS 7.0.2
PAN-OS 6.1.7
Workarounds and Mitigations
Administrators are advised to upgrade to PAN-OS 7.0.2 or 6.1.7 to correct the issue. As a mitigation, administrators may restart the management server of the device after administrator account password changes.
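The following is an added verification script, not part of the advisory or of Palo Alto Networks' tooling. It shows the post-rotation check a defender would want after applying the upgrade or the management-server restart: mint a key with the old password, change the password, and confirm that the old key is now rejected while a freshly minted key works. It follows the public PAN-OS XML API conventions (type=keygen to obtain a key, type=op to run a read-only command, a response element whose status attribute is "success" or "error"), but the host name, user name, passwords, key values and the StubDevice class that stands in for the firewall are all constructed so the logic runs offline. To run it against a real device, pass a fetch() that performs the HTTPS GET and returns the response body.

```python
"""Post-rotation check: is an old PAN-OS management API key still accepted?

Hypothetical example. The URL layout follows the PAN-OS XML API; the
firewall itself is replaced by a constructed stub so the check runs offline.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Optional
from urllib.parse import parse_qsl, urlencode, urlparse

HOST = "fw.example"  # constructed host name, not from the advisory

# Read-only operational command used as a harmless probe of key validity.
PROBE_CMD = "<show><system><info></info></system></show>"


def keygen_url(host: str, user: str, password: str) -> str:
    """URL that asks the device to mint an API key for user/password."""
    return f"https://{host}/api/?" + urlencode(
        {"type": "keygen", "user": user, "password": password})


def probe_url(host: str, key: str) -> str:
    """URL that runs the read-only probe command with the given key."""
    return f"https://{host}/api/?" + urlencode(
        {"type": "op", "cmd": PROBE_CMD, "key": key})


def key_accepted(xml_text: str) -> bool:
    """True iff the reply is a <response status="success">.

    A rejected key comes back with status="error"; unparsable output is
    treated as 'not accepted' so the check fails closed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    return root.tag == "response" and root.get("status") == "success"


def extract_key(xml_text: str) -> Optional[str]:
    """Pull the minted key out of a keygen reply, or None on error."""
    root = ET.fromstring(xml_text)
    node = root.find("./result/key")
    return node.text if node is not None else None


def key_still_valid(fetch: Callable[[str], str], host: str, key: str) -> bool:
    """Probe the device with `key` and report whether it is still honoured."""
    return key_accepted(fetch(probe_url(host, key)))


class StubDevice:
    """Constructed stand-in for a firewall's XML API.

    revoke_on_change=True models the fixed releases; False models the
    advisory's behaviour, where old keys linger until a reboot."""
    ERROR = ('<response status="error" code="403">'
             '<result><msg>Invalid credentials.</msg></result></response>')

    def __init__(self, revoke_on_change: bool):
        self.revoke_on_change = revoke_on_change
        self.password = "old-pw"        # constructed credential
        self.valid_keys: set = set()
        self._n = 0

    def change_password(self, new_pw: str) -> None:
        self.password = new_pw
        if self.revoke_on_change:
            self.valid_keys.clear()     # fixed: old keys die with the password

    def fetch(self, url: str) -> str:
        params = dict(parse_qsl(urlparse(url).query))
        if params.get("type") == "keygen":
            if params.get("password") != self.password:
                return self.ERROR
            self._n += 1
            key = f"STUBKEY{self._n}"   # constructed key value
            self.valid_keys.add(key)
            return (f'<response status="success"><result><key>{key}</key>'
                    '</result></response>')
        if params.get("key") in self.valid_keys:
            return '<response status="success"><result>ok</result></response>'
        return self.ERROR


def rotation_check(device: StubDevice) -> dict:
    """Mint a key, rotate the password, then test old and new keys."""
    old = extract_key(device.fetch(keygen_url(HOST, "admin", "old-pw")))
    device.change_password("new-pw")
    new = extract_key(device.fetch(keygen_url(HOST, "admin", "new-pw")))
    return {
        "old_key_still_valid": key_still_valid(device.fetch, HOST, old),
        "new_key_valid": key_still_valid(device.fetch, HOST, new),
    }


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "affected", rotation_check(StubDevice(fixed)))
```

On an affected device the check reports old_key_still_valid as True; after upgrading, or after restarting the management server as the advisory suggests, the same check should report False, which is the condition worth confirming rather than assuming.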