Yoav Iellin

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.3 through 7.4 **Description** The issue concerns a potential spoofing attack when the software is configured to use Active Directory Authentication. **Recommendations** For versions 7.3 and 7.4, consider reconfiguring the authentication settings to minimize the risk of spoofing attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions prior to 7.1.26 Palo Alto Networks PAN-OS versions prior to 8.0.21 Palo Alto Networks PAN-OS versions prior to 8.1.13 Palo Alto Networks PAN-OS versions prior to 9.0.6 **Description** An authentication bypass by spoofing issue exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS. This occurs due to the failure to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users, affecting all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. **Recommendations** For versions prior to 7.1.26, update to version 7.1.26 or later. For versions prior to 8.0.21, update to version 8.0.21 or later. For versions prior to 8.1.13, update to version 8.1.13 or later. For versions prior to 9.0.6, update to version 9.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) **Description** The issue is related to errors in the Kerberos protocol implementation, which could allow a remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device configured to perform Kerberos authentication for VPN or local device access. This is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this by spoofing the KDC server response to the ASA device, potentially allowing them to bypass Kerberos authentication and impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.