Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.
The most severe flaw is a buffer overflow issue can be exploited by a remote, unauthenticated attacker to disrupt system processes and possibly to execute arbitrary code with root permissions.
The vulnerability, tracked as CVE-2020-2040, could be exploited by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.
“A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.” reads the advisory published by the vendor.
The flaw received a CVSS score of 9.8, it impacts all versions of PAN-OS 8.0, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, PAN-OS 9.1 versions earlier than PAN-OS 9.1.3..
Another severe flaw addressed by the company is Reflected Cross-Site Scripting (XSS) issue in PAN-OS, tracked as CVE-2020-2036, that resides in the management web interface.
“A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.” reads the advisory. “A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions.”
The flaw received a CVSS score of 8.8, it affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.16 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
Palo Alto Networks also addressed a Management web interface denial-of-service (DoS) issue in PAN-OS, which is tracked as CVE-2020-2041.
“An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.” reads the advisory. “Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.”
The full list of vulnerabilities addressed by the company is available here.
Palo Alto Networks says it’s not aware of attacks in the wild exploiting the able vulnerabilities.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Palo Alto Networks)
[adrotate banner=”5″]
[adrotate banner=”13″]