Security Experts:

Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS

Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

The most serious of the flaws, based on its CVSS score of 9.8, is CVE-2020-2040, a buffer overflow can be exploited by a remote, unauthenticated attacker to disrupt system processes and possibly to execute arbitrary code with root permissions by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.

Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.

A vulnerability that can be exploited to disrupt system processes and possibly to execute arbitrary code with root privileges has also been rated high severity, but exploitation requires authentication to the PAN-OS management interface.

The aforementioned vulnerabilities were discovered internally by Palo Alto Networks. However, the company has also published advisories for security holes identified by researchers at Positive Technologies.

According to Positive Technologies, its employees found a total of four vulnerabilities described as cross-site scripting (XSS), OS command injection, and DoS issues.

Exploitation of the OS command injection flaws, both classified as high severity, can allow an attacker with admin privileges to execute arbitrary commands as root.

The XSS vulnerability, which has a CVSS score of 8.8, allows a remote attacker to perform actions on behalf of an authenticated administrator by getting them to click on a malicious link.

“Attackers will be able to perform any actions on behalf of this user in the context of the Palo Alto application, spoof pages, and develop attacks,” Positive Technologies explained. “The attack can be conducted from the Internet, but if the administrator panel is located inside, attackers will have to know its address inside the network.”

Palo Alto Networks says it’s not aware of any attacks exploiting these vulnerabilities. However, the company’s products are known to have been targeted by malicious actors.

A few months ago, after the company announced patches for a critical authentication bypass flaw in PAN-OS, the U.S. Cyber Command warned that foreign APTs will likely attempt to exploit it.

Related: Palo Alto Networks Patches Many Vulnerabilities in PAN-OS

Related: Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS

Related: Juniper Networks Patches Critical Vulnerabilities in Firewalls

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.