Palo Alto Networks Customer Support ticket leaked

A bug in Palo Alto Networks’ support dashboard has resulted in the unauthorized release of thousands of customer support tickets.

https://www.bleepingcomputer.com/news/security/palo-alto-networks-error-exposed-customer-support-cases-attachments/

The information released includes the name and contact information of the person who created the support ticket, as well as conversations between Palo Alto Networks staff and the customer.

Some support tickets included firewall logs, configuration dumps, and other debug attachments provided to PAN staff by customers.

Palo Alto Networks, a leading provider of cybersecurity and networking products and firewalls, reported that it fixed the problem about eight days after it was reported.

An anonymous end user discovered the issue and told us that he could see approximately 1,989 support cases that did not belong to him or his organization, and shared a screenshot to prove this fact.

In the screenshot, you can see the “Download” icon next to each file.

Other information published in the support ticket includes the following

  • Contact name, title, email address, and phone number of the customer who created the ticket
  • Description of the conversation between PAN support staff and the customer
  • PAN product serial number and model
  • Case number, subject, and request severity ( Critical, High, Medium, Low)

It started on March 10 when I registered for a Palo Alto support account.

After logging in, my browser got stuck in a redirect loop when I tried to access Palo Alto’s knowledge base, and when I tried to log in to the Palo Alto Hub where I could install the Cloud Identity Engine, I got a 403 insufficient permissions was returned.

I raised this issue with support and was told that access to Palo Alto Hub was “fixed.”

But to my surprise, when I logged into the support portal, I found ~1990 support cases on the “My Company Case” tab, not just the ones raised by the user

Palo Alto Networks: data not downloaded, not tampered with

An end user who noticed this access error issued an “important support request” and contacted some PAN members on LinkedIn to inform them that Palo Alto Networks was promptly notified.

According to a Palo Alto Networks spokesperson

We have been notified of an issue that allows legitimate customers to view a small subset of support cases that are not normally viewable

Analysis shows that no data was downloaded or modified. The issue was immediately corrected.

Leave a Reply

Your email address will not be published.