PAN-OS: Authentication Bypass in Web Interface
CVE-2022-0030
8.1HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 12 October 2022
Badges
👾 Exploit Exists
Summary
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
Affected Version(s)
PAN-OS >= 9.0 All
PAN-OS >= 9.1 All
PAN-OS >= 10.1 All
Refferences
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks the security researcher that discovered and reported this issue.