Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls.
One of the most severe vulnerabilities, tracked as CVE-2020-2018, is an authentication bypass vulnerability in the Panorama context switching feature. The flaw could be exploited by an attacker with network access to a Panorama’s management interface to gain privileged access to managed firewalls.
“An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama’s management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue.” reads the advisory published by the vendor.
This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices.
The issue received a CVSSv3.1 Base Score of 9, it affects PAN-OS 7.1 versions earlier than 7.1.26, PAN-OS 8.1 versions earlier than 8.1.12, PAN-OS 9.0 versions earlier than 9.0.6, and all versions of PAN-OS 8.0.
Palo Alto Networks also addressed an XML external entity reference (‘XXE’) vulnerability, tracked as CVE-2020-2012, that could lead to information leak.
The flaw could be exploited by unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.
The vendor also fixed a high-severity vulnerability, tracked as CVE-2020-2011, that could be exploited by a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition to all Panorama services by sending specially crafted registration requests.
Other high severity issues affect the previous Nginx version used in PAN-OS software, some of them could be exploited without authentication.
Palo Alto Networks also addressed serious cross-site scripting (XSS) vulnerability in the GlobalProtect Clientless VPN can be exploited to compromise a user’s session by tricking the victims into visiting a malicious website.
The full list of vulnerabilities addressed by Palo Alto Networks is available here.
(SecurityAffairs – PaloAlto Networks, hacking)