PAN-OS: Authentication Bypass in Web Interface

CVE-2022-0030

8.1HIGH

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 12 October 2022

Badges

👾 Exploit Exists

Summary

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

Affected Version(s)

PAN-OS >= 9.0 All

PAN-OS >= 9.1 All

PAN-OS >= 10.1 All

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 16, 2024
Initial publication
Oct 12, 2022
Vulnerability published.
Oct 12, 2022
Vulnerability Reserved.
Dec 28, 2021

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks the security researcher that discovered and reported this issue.