Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)

Palo Alto has released a security advisory to address an actively exploited, high-severity vulnerability (CVE-2022-0028) affecting PAN-OS, the operating system used by the company’s networking hardware products. The vulnerability is a PAN-OS URL filtering policy misconfiguration vulnerability that could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The advisory claims … Continue reading “Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)”

Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway Interfaces Memory Corruption Vulnerability (CVE-2021-3064)

Palo Alto Networks (PAN) released an update addressing the vulnerability CVE-2021-3064. This vulnerability was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN. This VPN allows for unauthenticated remote code execution on susceptible product installations.     The zero-day vulnerability has a severity rating of 9.8. The vulnerability chain … Continue reading “Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway Interfaces Memory Corruption Vulnerability (CVE-2021-3064)”

PAN-OS Multiple Vulnerabilities

On November 11, 2020, Palo Alto Networks released advisories addressing several vulnerabilities in PAN-OS. These vulnerabilities are of High and Medium severity.   About the security bugs CVE-2020-2048: System proxy passwords may be logged in clear text while viewing system stateThis issue is addressed in PAN-140157. Information disclosure through log file vulnerability exists where the … Continue reading “PAN-OS Multiple Vulnerabilities”