CVE-2022-0024— Palo Alto Networks PAN-OS 安全漏洞

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

对特殊元素的转义处理不恰当

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS是Palo Alto Networks的一款下一代防火墙软件。 Palo Alto Networks PAN-OS 存在安全漏洞。攻击者利用该漏洞上传专门创建的配置，该配置会中断系统进程，并在硬件和虚拟设备上提交配置时以 root 权限执行任意代码。

N/A

N/A