Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution
by CIRT Team
DESCRIPTION
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for arbitrary code execution. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker to disrupt system processes and potentially execute arbitrary code with root privileges.
IMPACT
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:
- Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled (CVE-2020-2040)
- Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (CVE-2020-2036)
- Management web interface denial-of-service (DoS) (CVE-2020-2041)
- OS command injection vulnerability in the management web interface (CVE-2020-2037)
- OS command injection vulnerability in the management web interface (CVE-2020-2038)
- Buffer overflow in the management web interface (CVE-2020-2042)
- Management web interface denial-of-service (DoS) through unauthenticated file upload (CVE-2020-2039)
- Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs (CVE-2020-2043)
- Passwords may be logged in clear text while storing operational command (op command) history (CVE-2020-2044)
Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to the affected application.
SYSTEM AFFECTED
All versions of PAN-OS 8.0
PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
RECOMMENDATIONS
Following actions are recommended to be taken:
Apply appropriate patches or appropriate mitigations provided by Palo Alto to vulnerable systems immediately after appropriate testing.
- Block external access at the network boundary, unless external parties require service.
- If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
- To reduce the impact of latent vulnerabilities, always run non administrative software as an unprivileged user with minimal access rights.
REFERENCES
https://security.paloaltonetworks.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2044
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
