Issued: Monday, 17 October, 2022
Last Revision: Monday, 17 October, 2022
Vendor:
Product:
Severity Level:
Palo Alto Networks has warned of a high-severity authentication bypass vulnerability affecting the web interface of its PAN-OS 8.1 software.
The security hole is tracked as CVE-2022-0030. According to the company, a network-based attacker with specific knowledge of the targeted firewall or Panorama appliance can impersonate an existing PAN-OS admin and perform privileged actions.
PAN-OS 8.1.24 and later versions patch the vulnerability, but the vendor noted that PAN-OS 8.1 has reached end of life (EOL) and is supported only on certain firewalls and appliances until they reach EOL status as well.
According to Palo Alto Networks, it is not aware of any attacks exploiting the vulnerability.

| CVE/Vulnerability | Description | CVSS 3.1 Base Score | Exploitable |
| --- | --- | --- | --- |
| CVE-2022-0030 | Authentication Bypass in Web Interface | 8.1 | No |
Table 1: Vulnerability details

| CVE/Vulnerability | Product(s) Detail |
| --- | --- |
| CVE-2022-0030 | Prior to PAN-OS 8.1.24 |
Table 2: Vulnerable versions
We recommend following the Palo Alto Networks recommendation to update to the latest version.
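To find which appliances still need the update, the following added example (not part of the original advisory or any Palo Alto Networks tooling) triages an inventory of PAN-OS version strings against the 8.1.24 fix level from Table 2. The hostnames and versions are constructed samples, and treating a hotfix build such as `8.1.23-h1` as earlier than 8.1.24 is an assumption.

```python
import re

# Fixed release named in the advisory: PAN-OS 8.1.24 and later.
FIXED = (8, 1, 24)

# PAN-OS version strings look like "8.1.23" or "8.1.23-h1" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(sw_version):
    """Return 'vulnerable', 'patched', 'out-of-scope' or 'unparseable'."""
    m = _VERSION_RE.match(sw_version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.groups()[:3])
    # The advisory covers the 8.1 release train only; other trains are
    # reported separately rather than assumed safe or unsafe.
    if (major, minor) != FIXED[:2]:
        return "out-of-scope"
    # Assumption: a hotfix on an older maintenance release (8.1.23-h1) is
    # still earlier than 8.1.24, so only the maintenance number decides.
    return "patched" if maint >= FIXED[2] else "vulnerable"


def triage(inventory):
    """Map each status to the sorted hostnames that fall under it."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "8.1.23-h1",
    "fw-edge-02": "8.1.24",
    "fw-dc-01": "8.1.9",
    "panorama-01": "10.1.6-h6",
    "fw-lab-01": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparseable` or `out-of-scope` need a manual check against the vendor advisory rather than being assumed safe.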
