Описание
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9 Critical
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6.
Уязвимость веб-интерфейса администрирования операционной системы PAN-OS, позволяющая нарушителю получить доступ к устройству
EPSS
9 Critical
CVSS3
9.3 Critical
CVSS2