CVE-2022-0030 - OpenCVE

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2022-0030	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-10-12T00:00:00

Updated: 2022-10-12T00:00:00

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0030

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-12T17:15:10.493

Modified: 2022-10-14T15:33:50.897

Link: CVE-2022-0030

JSON object: View

Redhat Information

No data.

CWE

CWE-290

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0030", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "datePublished": "2022-10-12T00:00:00", "dateUpdated": "2022-10-12T00:00:00", "dateReserved": "2021-12-28T00:00:00"}, "containers": {"cna": {"title": "PAN-OS: Authentication Bypass in Web Interface", "datePublic": "2022-10-12T00:00:00", "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-10-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions."}], "affected": [{"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"version": "9.0 All", "status": "unaffected"}, {"version": "9.1 All", "status": "unaffected"}, {"version": "10.1 All", "status": "unaffected"}, {"version": "10.2 All", "status": "unaffected"}, {"version": "10.0 All", "status": "unaffected"}, {"version": "8.1", "status": "affected", "lessThan": "8.1.24", "versionType": "custom", "changes": [{"at": "8.1.24", "status": "unaffected"}]}]}, {"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"version": "All", "status": "unaffected"}]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"version": "All", "status": "unaffected"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0030"}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks the security researcher that discovered and reported this issue."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing", "cweId": "CWE-290"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PAN-195571"], "discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "value": "Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat ID 92720 (Applications and Threats content update 8630-7638).\n\nTo exploit this issue, the attacker must have network access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "timeline": [{"lang": "en", "time": "2022-10-12T00:00:00", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.24 and all later PAN-OS versions.\n\nPlease note that PAN-OS 8.1 has reached its software end-of-life (EoL) and is supported only on PA-200, PA-500, and PA-5000 Series firewalls and on M-100 appliances and only until each of their respective hardware EoL dates: https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates.html."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7D77695-CFDE-4BAE-8C8B-E389CC5C7A3F", "versionEndExcluding": "8.1.24", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la interfaz web de Palo Alto Networks PAN-OS versi\u00f3n 8.1, permite a un atacante basado en la red con conocimientos espec\u00edficos del firewall o dispositivo Panorama de destino hacerse pasar por un administrador de PAN-OS existente y llevar a cabo acciones privilegiadas"}], "id": "CVE-2022-0030", "lastModified": "2022-10-14T15:33:50.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-10-12T17:15:10.493", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0030"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}