Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software.

Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software.

“An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.” reads the advisory published by Palo Alto Networks.

The vulnerability resides in the web interface of its PAN-OS 8.1 software, a network-based attacker with specific knowledge of the targeted firewall or Panorama appliance can exploit the issue to impersonate an existing PAN-OS admin and perform privileged actions.

Below is the list of affected versions:

Versions	Affected	Unaffected
Cloud NGFW	None	All
PAN-OS 10.2	None	All
PAN-OS 10.1	None	All
PAN-OS 10.0	None	All
PAN-OS 9.1	None	All
PAN-OS 9.0	None	All
PAN-OS 8.1	< 8.1.24	>= 8.1.24
Prisma Access	None	All

The flaw was addressed in PAN-OS 8.1.24 and later versions, the company pointed out that PAN-OS 8.1 has reached end-of-life (EOL) and is supported only on PA-200, PA-500, and PA-5000 Series firewalls and on M-100 appliances until they reach EOL status as well.

The security vendor said it is not aware of any malicious exploitation of this issue.

The flaws are tracked as CVE-2022-37913 and CVE-2022-37914, and they can be exploited remotely by an unauthenticated attacker to obtain admin privileges on the targeted system. An advisory describing the vulnerabilities was published on October 11.

The advisory also informs Aruba customers about a critical unauthenticated remote code execution vulnerability (CVE-2022-37915) affecting the same orchestrator product.

“A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise,” the company said.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2022-0030)

[adrotate banner=”5″]

[adrotate banner=”13″]