10.13.2022

Palo Alto PAN-OS Security Update

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 10/13/2022

Action Level - High

Description

Palo Alto has released a security update to address a high severity vulnerability in the PAN-OS 8.1 web interface. If exploited, this vulnerability could allow an attacker to impersonate an administrator and perform privileged actions. 

Affected Versions

  • PAN-OS : versions prior to 8.1.24

Attack Vector

Any attacker with network access to the management interface can exploit this vulnerability. This could be an external bad actor interacting with public facing devices or an internal bad actor interacting with any device they have network access to. In order to exploit this vulnerability, the attacker would need to have specific knowledge of the target device. 

Attack Feasibility

There is currently no exploit available.

Mitigation

Exploitation requires network access to the PAN-OS web interface, so restricting access to only needed source IPs can partially mitigate this vulnerability. For more information, review the document on securing admin access below.

Remediation

Though there is an update available for PAN-OS 8.1, this version has reached end of life and Palo Alto recommends updating to a current supported version.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC