Tuesday, October 20, 23:09

Palo Alto Networks has fixed critical vulnerabilities in PAN-OS


Palo Alto Networks has released security updates that fix critical vulnerabilities in its PAN-OS firewall software, which could allow execution of malicious code and denial-of-service (DoS) attacks.

The most serious vulnerability is a buffer overflow that a remote, unauthorized user can exploit to disrupt system processes and execute code with root privileges.

The vulnerability is tracked as CVE-2020-2040 and can be exploited by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.

This vulnerability is rated 9.8 on the CVSS scale and affects all versions of PAN-OS 8.0, PAN-OS 8.1 versions before 8.1.15, PAN-OS 9.0 versions before 9.0.9 and PAN-OS 9.1 versions before 9.1.3.

Another serious vulnerability fixed by Palo Alto Networks is a reflected cross-site scripting (XSS) issue in PAN-OS. The vulnerability is tracked as CVE-2020-2036 and is located in the management web interface.

A remote attacker can persuade an administrator of the firewall management interface to click on a crafted link to this management web interface. If the administrator does so, the attacker could possibly execute JavaScript code in the administrator's browser and perform actions that only the administrator could.

This vulnerability is rated 8.8 on the CVSS scale and affects PAN-OS 8.1 versions before 8.1.16 and PAN-OS 9.0 versions before 9.0.9.


Palo Alto Networks also fixed a vulnerability tracked as CVE-2020-2041, which could allow a denial-of-service attack.

"An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote, unauthorized user to send a specially crafted request to the device, which will cause the appweb service to shut down," the company says. "Repeated attempts to send this request result in denial of service to all PAN-OS services, causing the device to restart and put it into maintenance mode."

The complete list of vulnerabilities fixed by the company is available here.

Palo Alto Networks says it has found no evidence that vulnerabilities in PAN-OS firewall software have been exploited by hackers.
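For administrators who want to check a fleet against the version ranges quoted above, the following is an added example and not code from Palo Alto Networks or from this article's author. The hostnames and inventory are constructed, and ignoring the `-hN` hotfix suffix when comparing versions is an assumption, since the article lists only maintenance releases.

```python
import re

# Affected ranges exactly as stated in the article: release train -> first
# fixed maintenance version (None means every version in that train).
# CVE-2020-2041 is omitted because the article gives no fixed version for it.
AFFECTED = {
    "CVE-2020-2040": {(8, 0): None, (8, 1): 15, (9, 0): 9, (9, 1): 3},
    "CVE-2020-2036": {(8, 1): 16, (9, 0): 9},
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split '8.1.15-h3' into ((8, 1), 15). The hotfix suffix is validated but
    ignored (assumption: the article's thresholds are maintenance releases)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor), maint


def cves_for(version):
    """Return the sorted CVE ids from AFFECTED that apply to this version."""
    train, maint = parse_version(version)
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if train in ranges and (ranges[train] is None or maint < ranges[train])
    )


def audit(inventory):
    """Map each hostname to its applicable CVEs; unparsable versions are
    flagged for manual review instead of being silently treated as safe."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = cves_for(version)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-1": "8.1.15", "fw-edge-2": "9.0.8", "fw-lab": "8.0.20",
          "fw-dc": "9.1.3-h1", "fw-old": "unknown"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means the version falls outside the ranges the article lists, not that the device has been verified as patched.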

