Security researchers have discovered a new critical vulnerability in both FortiOS and Palo Alto Networks firewalls that could allow attackers to bypass authentication and execute arbitrary code on affected systems.
According to the researchers, the flaw lies in the way the firewalls handle user authentication requests. Specifically, the vulnerability can be triggered by sending a specially crafted authentication packet to the targeted device. Successful exploitation of the flaw could give an attacker complete control over the firewall, allowing them to steal sensitive data, alter configurations, or launch further attacks on other devices connected to the network.
The researchers have alerted both Fortinet and Palo Alto Networks to the vulnerability, and both companies have released patches to address the issue. Users of these products are urged to update their systems as soon as possible to protect against potential attacks.
This is not the first time that Fortinet or Palo Alto Networks have had to address critical security flaws in their products. Last year, Fortinet had to issue a patch to fix a vulnerability that could have allowed attackers to access sensitive information stored on the company’s servers. Similarly, in 2021, Palo Alto Networks had to issue a patch to fix a critical vulnerability that could have allowed attackers to bypass authentication and gain unauthorized access to the company’s firewall systems.
As always, it is critical for organizations to stay vigilant about their cybersecurity posture and take prompt action to address any vulnerabilities in their systems. The discovery of this latest critical flaw serves as a reminder of the ongoing need to remain vigilant against potential security threats.