
===================================================================
                               CERT-Renater

                     Information Note No. 2022/VULN379

_____________________________________________________________________

DATE                : 13/10/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Cloud NGFW, PAN-OS, Prisma Access.

====================================================================
https://security.paloaltonetworks.com/CVE-2022-0030
_____________________________________________________________________


CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface


Severity: 8.1 · HIGH
Attack Vector: NETWORK
Scope: UNCHANGED
Attack Complexity: HIGH
Confidentiality Impact: HIGH
Privileges Required: NONE
Integrity Impact: HIGH
User Interaction: NONE
Availability Impact: HIGH
Published: 2022-10-12
Updated: 2022-10-12
Reference: PAN-195571
Discovered externally


Description
An authentication bypass vulnerability in the Palo Alto Networks
PAN-OS 8.1 web interface allows a network-based attacker with
specific knowledge of the target firewall or Panorama appliance
to impersonate an existing PAN-OS administrator and perform
privileged actions.


Product Status

Versions        Affected        Unaffected
Cloud NGFW      None            All
PAN-OS 10.2     None            All
PAN-OS 10.1     None            All
PAN-OS 10.0     None            All
PAN-OS 9.1      None            All
PAN-OS 9.0      None            All
PAN-OS 8.1      < 8.1.24        >= 8.1.24
Prisma Access   None            All


Severity: HIGH
CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of
this issue.


Weakness Type
CWE-290 Authentication Bypass by Spoofing


Solution
This issue is fixed in PAN-OS 8.1.24 and all later PAN-OS
versions.

Please note that PAN-OS 8.1 has reached its software
end-of-life (EoL) and is supported only on PA-200, PA-500,
and PA-5000 Series firewalls and on M-100 appliances and
only until each of their respective hardware EoL dates:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates.html.
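
The Product Status table and the fix version above can be applied to a device inventory as follows. This is an added example, not code from Palo Alto Networks or CERT-Renater; the function names, hostnames and sample versions are constructed, and the "-hN" hotfix suffix handling is an assumption about how installed versions are reported.

```python
import re

# Release trains listed in the advisory's Product Status table.
LISTED_TRAINS = {(8, 1), (9, 0), (9, 1), (10, 0), (10, 1), (10, 2)}
FIXED_IN = (8, 1, 24)  # table row: PAN-OS 8.1, affected < 8.1.24

# major.minor.maintenance with an optional hotfix suffix such as "-h1"
# (assumed reporting format; anything else is flagged for manual review).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(sw_version):
    """Return 'affected', 'unaffected', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(sw_version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    if (major, minor) not in LISTED_TRAINS:
        # The advisory makes no statement about this train; do not guess.
        return "not-listed"
    if (major, minor) == FIXED_IN[:2] and maint < FIXED_IN[2]:
        # A hotfix on an older maintenance release (8.1.23-h1) is still
        # below 8.1.24, so the table counts it as affected.
        return "affected"
    return "unaffected"


def triage(inventory):
    """Return (host, version, status) rows, most urgent first."""
    order = {"affected": 0, "unparseable": 1, "not-listed": 2, "unaffected": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "fw-edge-01": "8.1.23-h1",
    "fw-edge-02": "8.1.24",
    "panorama-01": "10.1.6-h6",
    "fw-lab-01": "8.0.20",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:12} {ver:10} {status}")
```

Rows reported as "not-listed" or "unparseable" need manual review, since the advisory gives no status for them.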


Workarounds and Mitigations
Customers with a Threat Prevention subscription can block
known attacks for this vulnerability by enabling Threat ID
92720 (Applications and Threats content update 8630-7638).

To exploit this issue, the attacker must have network access
to the PAN-OS web interface. You can mitigate the impact of
this issue by following best practices for securing the PAN-OS
web interface. Please review the Best Practices for Securing
Administrative Access in the PAN-OS technical documentation
at 
https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices.


Acknowledgments

Palo Alto Networks thanks the security researcher that
discovered and reported this issue.


Timeline

2022-10-12
Initial publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=======================================================
