CVE-2022-0024

Published: May 11, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

7.2

HIGH

Description

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.

Vendor	Product	Versions
Palo Alto Networks	PAN-OS	affected `9.1 - < 9.1.13` affected `10.1 - < 10.1.5` affected `9.0 - < 9.0.16` affected `8.1 - < 8.1.23` affected `10.0 - < 10.0.10` +1 more versions

Weaknesses (CWE)

CWE-138

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://security.paloaltonetworks.com/CVE-2022-0024

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-0024

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References