Vulnerabilities in Palo Alto PAN-OS (9th September 2020)

Description

Palo Alto Network Security has identified several security vulnerabilities related to their PAN-OS. 

Summary

PAN-OS is a software that runs all the Palo Alto networks, next generation firewalls. By maximizing the use of the key technologies built into PAN-OS, one can have complete visibility and control of the applications in use across all users and devices in all locations all the time.

On the 9th September, 2020, Palo Alto published several security vulnerabilities and their workarounds. Five (5) were listed as severity vulnerabilities, while one (1) was listed as critical for PAN-OS:

The vulnerabilities are as follows:

  1. CVE-2020-2040 PAN-OS (critical): Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled.

How does this vulnerability work

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive portal or Multi-factor Authentication interface.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2040    

  1. CVE-2020-2036 PAN-OS (high): Reflected Cross-Site Scripting (XSS) vulnerability in management web interface.

How does this vulnerability work

A remote attacker is able to convince an administrator who has an active authenticated session on the firewall management interface by having them click on a crafted link to the web interface which could potentially execute arbitrary Javascript code in the administrator’s browser.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2036

  1. CVE-2020-2041 PAN-OS(high): Management web interface denial-of-service (DoS).

How does this vulnerability work

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2041

  1. CVE-2020-2037 PAN-OS(high): OS command injection vulnerability in the management web interface.

How does this vulnerability work

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2037

  1. CVE-2020-2038 PAN-OS (high): OS command injection vulnerability in the management webinterface.

How does this vulnerability work

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2038

  1. CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface.  

How does this vulnerability work

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.

For more information visit: https://security.paloaltonetworks.com/CVE-2020-2042

Products Affected

These vulnerabilities affect the following versions of PAN-OS:

  1. PAN-OS 10.0
  2. PAN-OS 9.1
  3. PAN-OS 9.0
  4. PAN-OS 8.1

The Guyana National CIRT recommends that users and administrators review the necessary solutions and/or workarounds and apply them where necessary:

References

CERT-EU - Vulnerabilities in Palo Alto PAN-OS. Retrieved September 10, 2020

https://media.cert.europa.eu/static/SecurityAdvisories/2020/CERT-EU-SA2020-045.pdf

Paloalto - CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled. Retrieved September 9, 2020

https://security.paloaltonetworks.com/CVE-2020-2040

DALOOP - Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls. Retrieved September 10, 2020

https://www.oodaloop.com/briefs/2020/09/10/vulnerabilities-discovered-in-pan-os-which-powers-palo-alto-networks-firewalls/

HELPNETSECURITY- Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls. Retrieved September 10, 2020

https://www.helpnetsecurity.com/2020/09/10/vulnerabilities-discovered-in-pan-os/