Palo Alto Networks warns of critical remote code execution bug – Security

Palo Alto Networks has found a critical vulnerability in its PAN-OS operating system that could allow unauthenticated attackers to run arbitrary code on devices with the highest-level root superuser privileges.

The buffer overflow vulnerability is exposed only when the device has either the Captive Portal enabled or multi-factor authentication configured, allowing attackers to send malicious requests to it.

Given the Common Vulnerabilities and Exposures index CVE-2020-2040, the flaw is rated as critical with a score of 9.8 out of 10.

PAN-OS 10.0 is not affected by the vulnerability, but versions prior to 8.0, 8.1.15, 9.0.9 and 9.1.3 are, the company stated in its security advisory.

Later versions of PAN-OS have fixed the issue.
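The affected-version list and the exposure condition above can be turned into a quick inventory triage. The following is an added example, not code from Palo Alto Networks or the article: the device records, hostnames and field names are constructed, and it assumes that release trains with no fixed version named in the article (anything below 10.0 other than 8.1, 9.0 and 9.1) remain affected.

```python
import re

# First fixed patch level per release train, from the versions named in the article.
FIXED = {(8, 1): 15, (9, 0): 9, (9, 1): 3}

def parse_version(text):
    """Parse 'major.minor.patch' with an optional '-hN' hotfix suffix."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    """True if the version falls in a range the article lists as affected."""
    major, minor, patch = parse_version(text)
    if (major, minor) >= (10, 0):
        return False  # PAN-OS 10.0 is not affected
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Assumption: no fixed release is named for this train, so treat it as affected.
        return True
    return patch < fixed

def triage(devices):
    """Classify each device as patched, affected-exposed or affected-not-exposed."""
    results = {}
    for dev in devices:
        if not version_affected(dev["version"]):
            status = "patched"
        elif dev["captive_portal"] or dev["mfa"]:
            # The flaw is reachable only with Captive Portal or MFA configured.
            status = "affected-exposed"
        else:
            status = "affected-not-exposed"
        results[dev["host"]] = status
    return results

# Constructed sample inventory (hypothetical hosts and fields).
INVENTORY = [
    {"host": "fw-edge-01", "version": "9.0.8", "captive_portal": True, "mfa": False},
    {"host": "fw-edge-02", "version": "9.0.9-h1", "captive_portal": True, "mfa": True},
    {"host": "fw-lab-01", "version": "8.1.14-h2", "captive_portal": False, "mfa": False},
    {"host": "fw-dc-01", "version": "10.0.0", "captive_portal": False, "mfa": True},
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as affected-not-exposed still need the upgrade, since enabling either feature later would expose the flaw.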

As of yet, Palo Alto Networks is not aware of any active exploitation of the vulnerability.

Separately, security vendor Positive Technologies has published details of a few other significant vulnerabilities remedied by Palo Alto Networks.

These include the CVE-2020-2036 cross-site scripting vulnerability with a score of 8.8, and the CVE-2020-2037 flaw that allows arbitrary PAN-OS commands to be injected and which has a 7.2 score, similarly to the CVE-2020-2038 flaw.

In June this year, Monash University infosec staff found a critical vulnerability in PAN-OS, rated 10 out of 10, that is easy to exploit with no user interaction required.

The June vulnerability was considered so serious that United States Cyber Command issued a public alert, advising users to patch their Palo Alto Networks devices immediately, or face being attacked by nation-state hackers.