Description
Palo Alto Network Security has identified several security vulnerabilities related to their PAN-OS.
Summary
PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. By maximizing the use of the key technologies built into PAN-OS, one can have complete visibility and control of the applications in use across all users and devices in all locations all the time.
On 9th September, 2020, Palo Alto published several security vulnerabilities and their workarounds. Five (5) were listed as severity vulnerabilities, while one (1) was listed as critical for PAN-OS.
The vulnerabilities are as follows:
How does this vulnerability work
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2040
How does this vulnerability work
A remote attacker who convinces an administrator with an active authenticated session on the firewall management interface to click on a crafted link to the web interface could potentially execute arbitrary JavaScript code in the administrator's browser.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2036
How does this vulnerability work
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2041
How does this vulnerability work
An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2037
How does this vulnerability work
An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2038
How does this vulnerability work
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.
For more information visit: https://security.paloaltonetworks.com/CVE-2020-2042
Products Affected
These vulnerabilities affect the following versions of PAN-OS:
The Guyana National CIRT recommends that users and administrators review the necessary solutions and/or workarounds and apply them where necessary:
References
CERT-EU – Vulnerabilities in Palo Alto PAN-OS. Retrieved September 10, 2020
https://media.cert.europa.eu/static/SecurityAdvisories/2020/CERT-EU-SA2020-045.pdf
Paloalto – CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled. Retrieved September 9, 2020
https://security.paloaltonetworks.com/CVE-2020-2040
DALOOP – Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks firewalls. Retrieved September 10, 2020
HELPNETSECURITY – Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks firewalls. Retrieved September 10, 2020
https://www.helpnetsecurity.com/2020/09/10/vulnerabilities-discovered-in-pan-os/