Palo Alto Networks Warn Users Of Their Gear Of “Infinite Loop” Bug

Bleeping Computer has reported that Palo Alto Networks has warned customers that some of its firewall, VPN and XDR products are vulnerable to a high severity OpenSSL infinite loop bug which was disclosed three weeks ago. The vulnerability, if exploited, can trigger a DoS attack and can remotely crash devices running unpatched software. 

Darren Williams, CEO, BlackFog had this to say:

“Attacks on VPN’s and other services such as SSL continue to be great targets for cyber criminals. The rewards are huge with access to unlimited data from corporations that use these services and tunnel their data through a third party. VPN’s were never designed to be security solutions, but a means to connect to corporate networks. Organizations should be focused on next generation cybersecurity solutions that operate on the device itself and protect the data exfiltration from the device. Perimeter defense techniques while important, are just part of the overall design of modern cybersecurity.”

I should also note that the infinite loop bug also affects QNAP NAS devices. Thus owners of those NAS devices should follow the advice in this note from QNAP on this issue and patch their devices when patches become available.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: