Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

The most severe flaw is a buffer overflow issue can be exploited by a remote, unauthenticated attacker to disrupt system processes and possibly to execute arbitrary code with root permissions.

The vulnerability, tracked as CVE-2020-2040, could be exploited by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.

“A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.” reads the advisory published by the vendor.

The flaw received a CVSS score of 9.8, it impacts all versions of PAN-OS 8.0, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, PAN-OS 9.1 versions earlier than PAN-OS 9.1.3..

Another severe flaw addressed by the company is Reflected Cross-Site Scripting (XSS) issue in PAN-OS, tracked as CVE-2020-2036, that resides in the management web interface.

“A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.” reads the advisory. “A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions.”

The flaw received a CVSS score of 8.8, it affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.16 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.

Palo Alto Networks also addressed a Management web interface denial-of-service (DoS) issue in PAN-OS, which is tracked as CVE-2020-2041.

“An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.” reads the advisory. “Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.”

The full list of vulnerabilities addressed by the company is available here.

Palo Alto Networks says it’s not aware of attacks in the wild exploiting the able vulnerabilities.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Palo Alto Networks)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.