Palo Alto Networks exposes customer support cases and attachments


By MYBRANDBOOK


Palo Alto Networks exposes customer support cases and attachments

A bug in the support dashboard of Palo Alto Networks (PAN), a leading provider of cybersecurity and networking products and firewalls, exposed thousands of customer support tickets to an unauthorized individual.

 

The information included names and (business) contact information of the person creating support tickets, conversations between Palo Alto Networks staff members and the customer. The company said it has now fixed the issue.

 

A misconfiguration in the support system of Palo Alto Networks allowed sensitive information disclosure, letting a customer access private support tickets from other companies. A PAN customer discovered the issue this month and reported it to Palo Alto Networks staff.

 

Some of these support cases had file attachments such as firewall logs, configuration dumps, network security group (NSG) layouts, images of error messages, and similar internal files shared by customers with Palo Alto Networks for troubleshooting purposes.

 

Some other information exposed in the support tickets included contact name, title, email address and phone number of the customer creating the tickets, contents of conversations between PAN support staff and customers, PAN Product serial number and model and case numbers, subject line, and request severity.

 

PAN said that no data was downloaded and implies that the scope of the leak remained limited to just one customer. However, the bug fix took approximately eight days, after which the customer's access to the 1,900 unrelated tickets was revoked.

 

A Palo Alto Networks spokesperson said, “We were notified of an issue that allowed an authorized customer to view a small subset of support cases, which they typically would not be able to view. We immediately initiated an investigation and identified it was due to a permission misconfiguration error in a support system. Our analysis confirmed no data was downloaded or altered, and the issue was immediately remediated.”

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org