Palo Alto PAN-OS Security Update
Date of Notice: 10/13/2022
Action Level - High
Description
Palo Alto has released a security update to address a high severity vulnerability in the PAN-OS 8.1 web interface. If exploited, this vulnerability could allow an attacker to impersonate an administrator and perform privileged actions.
Affected Versions
- PAN-OS: versions prior to 8.1.24
Attack Vector
Any attacker with network access to the management interface can exploit this vulnerability. This could be an external bad actor interacting with public-facing devices or an internal bad actor interacting with any device they have network access to. To exploit this vulnerability, the attacker would need specific knowledge of the target device.
Attack Feasibility
There is currently no exploit available.
Mitigation
Exploitation requires network access to the PAN-OS web interface, so restricting access to only needed source IPs can partially mitigate this vulnerability. For more information, review the document on securing admin access below.
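One way to audit the source-IP restriction described above across exported device configurations (an added example, not part of the original notice or Palo Alto's tooling). It assumes the exported XML stores the management allow list as `permitted-ip` entries under `deviceconfig/system`; the function name, prefix thresholds and sample configs are constructed for illustration, and interface management profiles on data ports are not covered.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from a real device).
RESTRICTED = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system>
  <permitted-ip><entry name="10.20.30.0/24"/><entry name="192.0.2.15"/></permitted-ip>
</system></deviceconfig></entry></devices></config>"""

# No permitted-ip element at all: no source restriction is configured.
OPEN = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system><hostname>fw-lab</hostname></system></deviceconfig>
</entry></devices></config>"""

# A list exists, but one entry allows every IPv4 source.
TOO_BROAD = RESTRICTED.replace("10.20.30.0/24", "0.0.0.0/0")


def audit_permitted_ip(config_xml, min_prefix_v4=16, min_prefix_v6=48):
    """Return findings about the management interface permitted-ip list.

    An empty result means a list is present and every entry is at least as
    specific as the given prefix lengths (hypothetical policy thresholds).
    """
    root = ET.fromstring(config_xml)
    entries = root.findall(".//deviceconfig/system/permitted-ip/entry")
    if not entries:
        return ["no permitted-ip list: no source restriction on management access"]
    findings = []
    for entry in entries:
        name = entry.get("name", "")
        try:
            # A bare address such as 192.0.2.15 parses as a /32 (or /128).
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            findings.append(f"unparseable entry: {name!r}")
            continue
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            findings.append(f"overly broad entry: {net} (shorter than /{limit})")
    return findings


if __name__ == "__main__":
    for label, cfg in (("restricted", RESTRICTED), ("open", OPEN), ("broad", TOO_BROAD)):
        print(label, audit_permitted_ip(cfg))
```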
Remediation
Though there is an update available for PAN-OS 8.1, this version has reached end of life and Palo Alto recommends updating to a current supported version.
Vendor Resources