Palo Alto Networks has released security updates that fix critical vulnerabilities in the PAN-OS firewall software, which could allow malicious code execution and denial-of-service (DoS) attacks.
The most serious vulnerability is a buffer overflow that can be exploited by a remote, unauthorized user to disrupt system processes and execute code with root privileges.
The vulnerability is tracked as CVE-2020-2040 and can be exploited by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.
This vulnerability has been rated 9.8 on the CVSS scale and affects all versions of PAN-OS 8.0, PAN-OS 8.1 versions before 8.1.15, PAN-OS 9.0 versions before 9.0.9 and PAN-OS 9.1 versions before 9.1.3.
Another serious vulnerability fixed by Palo Alto Networks is a reflected cross-site scripting (XSS) flaw in PAN-OS. The vulnerability is tracked as CVE-2020-2036 and lies in the management web interface.
This vulnerability has been rated 8.8 on the CVSS scale and affects all PAN-OS 8.1 versions before 8.1.16 and PAN-OS 9.0 versions before 9.0.9.
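The affected-version ranges above are what an administrator needs to decide which firewalls in an inventory must be patched. The following helper, an added example that is not code from the article or from Palo Alto Networks, encodes the two ranges the article states (CVE-2020-2040 and CVE-2020-2036) and reports which of them apply to a given PAN-OS version string. CVE-2020-2041 is left out because the article names only "PAN-OS 8.1" for it, with no fixed version. The version format ("major.minor.patch" with an optional "-hN" hotfix suffix) and the sample inventory entries are assumptions of the example, not facts from the page.

```python
from typing import Dict, List, Optional, Tuple

# Affected ranges exactly as the article states them, keyed by CVE id.
# Each entry is (release train, first fixed version); None means every
# release of that train is affected (the article gives no fix for 8.0).
AFFECTED: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "CVE-2020-2040": [("8.0", None), ("8.1", "8.1.15"), ("9.0", "9.0.9"), ("9.1", "9.1.3")],
    "CVE-2020-2036": [("8.1", "8.1.16"), ("9.0", "9.0.9")],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a PAN-OS version string into a comparable tuple.

    Assumed format (not from the article): "9.0.9" or "9.0.9-h1", where the
    optional "-hN" suffix is a hotfix on top of the base release. A hotfix
    sorts after its base release, and a bare base release counts as hotfix 0.
    """
    base, _, hotfix = version.strip().partition("-h")
    parts = base.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a PAN-OS version string: {version!r}")
    numeric = [int(p) for p in parts]
    while len(numeric) < 3:          # "8.0" -> 8.0.0
        numeric.append(0)
    numeric.append(int(hotfix) if hotfix.isdigit() else 0)
    return tuple(numeric)


def train_of(version: str) -> str:
    """Return the "major.minor" release train of a version, e.g. "9.0" for "9.0.8-h3"."""
    major, minor = parse_version(version)[:2]
    return f"{major}.{minor}"


def affected_cves(version: str) -> List[str]:
    """Return the CVE ids from AFFECTED that apply to the given PAN-OS version.

    A version is affected when it belongs to a listed train and is older than
    that train's first fixed version (or the train has no fixed version).
    """
    train = train_of(version)
    parsed = parse_version(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        for affected_train, fixed in ranges:
            if affected_train != train:
                continue
            if fixed is None or parsed < parse_version(fixed):
                hits.append(cve)
    return sorted(hits)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each device name to the CVEs its version is exposed to (empty list = nothing to do)."""
    return {name: affected_cves(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; device names and versions are made up.
    sample = {
        "fw-edge-01": "8.1.14",
        "fw-edge-02": "9.0.8-h3",
        "fw-dc-01": "9.1.3",
        "fw-lab-01": "8.0.20",
    }
    for device, cves in triage(sample).items():
        print(f"{device}: {', '.join(cves) if cves else 'not affected by the listed ranges'}")
```

Hotfix builds are compared as "base release plus hotfix number", so a version such as 9.0.8-h3 is still reported as older than the 9.0.9 fix; an unparseable version string raises `ValueError` rather than being silently treated as safe.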
Palo Alto Networks also fixed a vulnerability tracked as CVE-2020-2041 that could allow a denial-of-service attack.
"An insecure configuration of the Palo Alto Networks appweb daemon in PAN-OS 8.1 allows a remote, unauthorized user to send a specially crafted request to the device, which will cause the appweb service to shut down", the company says. "Repeated attempts to send this request result in a denial of service of all PAN-OS services, causing the device to restart and putting it into maintenance mode."
Palo Alto Networks says it has found no evidence that the vulnerabilities in the PAN-OS firewall software have been exploited by hackers.