PAN-OS

Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2024-3400)

abril 18, 2024

Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with root privileges. The CVSS score […]

PAN-OS Remote Code Execution Vulnerability (CVE-2020-2040) Threat Alert

outubro 3, 2020

Vulnerability Description

Recently, NSFOCUS detected that Palo Alto Networks (PAN) released a security advisory, which announced a critical vulnerability (CVE-2020-2040) assigned a CVSS base score of 9.8. When Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured, this buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to potentially disrupt system processes and execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or MFA interface. This vulnerability is easy to exploit and requires no user interaction. Affected users are advised to take measures without delay.

PAN-OS is an operating system that runs on PAN firewalls and enterprise VPN appliances.

(mais…)

Search

Inscreva-se no Blog da NSFOCUS