The National Cyber Emergency Response Team of Pakistan (PKCERT) has issued an urgent advisory highlighting significant security vulnerabilities in Virtual Private Network (VPN) services provided by Palo Alto Networks and SonicWall. These vulnerabilities pose substantial risks to Pakistani networks, potentially allowing unauthorized access to sensitive institutional data.
Serious issues were recently identified in the web control interfaces utilized by Palo Alto Networks and SonicWall VPN products. The identified vulnerabilities would be exploited by attackers to circumvent authentication protocols, thereby granting them unlawful access to network systems without the need for valid credentials. The security breaches lead to the complete loss of authority over network security devices and the theft of data.
PKCERT has issued an order to all ministries, divisions, and institutions to implement imperative cybersecurity framework strengthening procedures:
According to PKCERT, organizations that fail to implement their security measures will experience severe breaches that result in unauthorized data access and the loss of control over network security devices.
The advisory is in compliance with international cybersecurity regulations. Because hackers have exploited these vulnerabilities in active intrusions, CISA has incorporated Palo Alto Networks and SonicWall product vulnerabilities into their Known Exploited Vulnerabilities catalog. In order to ensure network security, the Cybersecurity and Infrastructure Security Agency of the United States mandates that federal agencies address these vulnerabilities by March 11, 2025.
Recent security developments necessitate that Pakistani institutions significantly enhance their current cybersecurity defenses. PKCERT offers organizations security guidelines that facilitate the enhancement of digital asset protection and the maintenance of a robust network security structure management.