Nicholas Newsom

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions 8.1 through 8.1.22 Palo Alto Networks PAN-OS versions 9.0 through 9.0.15 Palo Alto Networks PAN-OS versions 9.1 through 9.1.12 Palo Alto Networks PAN-OS versions 10.0 through 10.0.9 Palo Alto Networks PAN-OS versions 10.1 through 10.1.4 **Description** A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. **Recommendations** For PAN-OS 8.1 versions earlier than 8.1.23, update to version 8.1.23 or later. For PAN-OS 9.0 versions earlier than 9.0.16, update to version 9.0.16 or later. For PAN-OS 9.1 versions earlier than 9.1.13, update to version 9.1.13 or later. For PAN-OS 10.0 versions earlier than 10.0.10, update to version 10.0.10 or later. For PAN-OS 10.1 versions earlier than 10.1.5, update to version 10.1.5 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 8.1.22 PAN-OS versions prior to 9.0.16 PAN-OS versions prior to 9.1.13 PAN-OS versions prior to 10.0.10 PAN-OS versions prior to 10.1.5 **Description** An improper handling of exceptional conditions issue exists in the DNS proxy feature of Palo Alto Networks PAN-OS software. This allows a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall, causing the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. **Recommendations** For PAN-OS 8.1, update to version 8.1.22 or later. For PAN-OS 9.0, update to version 9.0.16 or later. For PAN-OS 9.1, update to version 9.1.13 or later. For PAN-OS 10.0, update to version 10.0.10 or later. For PAN-OS 10.1, update to version 10.1.5 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions earlier than 8.1.20 PAN-OS versions earlier than 9.0.14 PAN-OS versions earlier than 9.1.9 PAN-OS versions earlier than 10.0.1 **Description** A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts Prisma Access customers with Prisma Access 2.1 Preferred firewalls. **Recommendations** For PAN-OS versions earlier than 8.1.20, update to version 8.1.20 or later. For PAN-OS versions earlier than 9.0.14, update to version 9.0.14 or later. For PAN-OS versions earlier than 9.1.9, update to version 9.1.9 or later. For PAN-OS versions earlier than 10.0.1, update to version 10.0.1 or later. As a temporary workaround, consider restricting access to the SAML authentication process until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 8.1.20 PAN-OS versions prior to 9.0.14 PAN-OS versions prior to 9.1.9 PAN-OS versions prior to 10.0.5 **Description** The issue is related to improper handling of exceptional conditions in the dataplane of PAN-OS, allowing an unauthenticated network-based attacker to send specifically crafted traffic through the firewall, causing the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. **Recommendations** For PAN-OS versions prior to 8.1.20, update to version 8.1.20 or later. For PAN-OS versions prior to 9.0.14, update to version 9.0.14 or later. For PAN-OS versions prior to 9.1.9, update to version 9.1.9 or later. For PAN-OS versions prior to 10.0.5, update to version 10.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 8.1.21 PAN-OS versions prior to 9.0.14-h4 PAN-OS versions prior to 9.1.11-h3 PAN-OS versions prior to 10.0.8-h4 PAN-OS versions prior to 10.1.3 **Description** An improper handling of exceptional conditions issue exists in Palo Alto Networks GlobalProtect portal and gateway interfaces, allowing an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface, causing the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. Prisma Access customers are not impacted by this issue. **Recommendations** For PAN-OS versions prior to 8.1.21, update to version 8.1.21 or later. For PAN-OS versions prior to 9.0.14-h4, update to version 9.0.14-h4 or later. For PAN-OS versions prior to 9.1.11-h3, update to version 9.1.11-h3 or later. For PAN-OS versions prior to 10.0.8-h4, update to version 10.0.8-h4 or later. For PAN-OS versions prior to 10.1.3, update to version 10.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions earlier than 8.1.16 PAN-OS versions earlier than 9.0.10 PAN-OS versions earlier than 9.1.4 PAN-OS versions earlier than 10.0.1 **Description** An OS command injection and memory corruption issue in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. **Recommendations** For PAN-OS 8.1, update to version 8.1.16 or later. For PAN-OS 9.0, update to version 9.0.10 or later. For PAN-OS 9.1, update to version 9.1.4 or later. For PAN-OS 10.0, update to version 10.0.1 or later.

Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 8.1.17 PAN-OS versions prior to 9.0.11 PAN-OS versions prior to 9.1.5 PAN-OS versions prior to 10.0.1 Description: An authentication bypass issue exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software, allowing an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features include GlobalProtect Gateway, GlobalProtect Portal, and GlobalProtect Clientless VPN. In configurations where client certificate verification is used with other authentication methods, the protections added by the certificate check are ignored. Recommendations: For PAN-OS versions prior to 8.1.17, update to version 8.1.17 or later. For PAN-OS versions prior to 9.0.11, update to version 9.0.11 or later. For PAN-OS versions prior to 9.1.5, update to version 9.1.5 or later. For PAN-OS versions prior to 10.0.1, update to version 10.0.1 or later. As a temporary workaround, consider restricting access to the GlobalProtect SSL VPN component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions earlier than 8.1.16 PAN-OS versions earlier than 9.0.10 PAN-OS versions earlier than 9.1.3 **Description** The issue is an OS Command Injection vulnerability in the PAN-OS management interface. It allows authenticated administrators to execute arbitrary OS commands with root privileges. **Recommendations** For PAN-OS 8.1 versions earlier than 8.1.16, update to version 8.1.16 or later. For PAN-OS 9.0 versions earlier than 9.0.10, update to version 9.0.10 or later. For PAN-OS 9.1 versions earlier than 9.1.3, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 10.0.1 **Description** A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. **Recommendations** For versions prior to 10.0.1, update to PAN-OS 10.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the management web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions 8.0 through 8.1.15 **Description** The issue is caused by an insecure configuration of the appweb daemon, allowing a remote unauthenticated user to send a specifically crafted request to the device, causing the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. **Recommendations** For PAN-OS versions 8.0 through 8.1.15, update to version 8.1.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1 through 8.1.12 PAN-OS versions 9.0 through 9.0.6 **Description** A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. **Recommendations** For PAN-OS versions 7.1 through 8.1.12, update to PAN-OS 8.1.13 or later. For PAN-OS versions 9.0 through 9.0.6, update to PAN-OS 9.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1 through 8.0 PAN-OS versions 8.1 through 8.1.12 PAN-OS versions 9.0 through 9.0.6 **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows an attacker to execute arbitrary operating system commands with root privileges when uploading a new certificate in FIPS-CC mode. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For PAN-OS versions 7.1 through 8.0, update to a version later than 8.0. For PAN-OS versions 8.1 through 8.1.12, update to PAN-OS 8.1.13 or later. For PAN-OS versions 9.0 through 9.0.6, update to PAN-OS 9.0.7 or later. As a temporary workaround, consider restricting access to the certificate upload feature in FIPS-CC mode until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 9.1.2 **Description** A NULL pointer dereference issue allows an authenticated administrator to send a request that causes the rasmgr daemon to crash, resulting in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. **Recommendations** For versions prior to 9.1.2, update to version 9.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the rasmgr daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS Panorama versions 7.1 Palo Alto Networks PAN-OS Panorama versions 8.1 through 8.1.13 Palo Alto Networks PAN-OS Panorama versions 9.0 through 9.0.6 **Description** An external control of filename vulnerability in the SD WAN component allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases, this results in arbitrary code execution with root permissions. **Recommendations** For versions 7.1, update to a version later than 7.1 to resolve the issue. For versions 8.1 through 8.1.13, update to version 8.1.14 or later to resolve the issue. For versions 9.0 through 9.0.6, update to version 9.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1 through 8.1.13 PAN-OS versions 9.0 through 9.0.6 **Description** The issue is an OS command injection vulnerability in the PAN-OS management interface. This allows an authenticated administrator to execute arbitrary OS commands with root privileges. The vulnerability exists due to the lack of neutralization of special elements used in the OS command. **Recommendations** For PAN-OS versions 7.1 through 8.1.13, update to version 8.1.14 or later. For PAN-OS versions 9.0 through 9.0.6, update to version 9.0.7 or later. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 7.1.26 PAN-OS versions prior to 8.1.13 PAN-OS versions prior to 9.0.7 PAN-OS versions prior to 9.1.1 PAN-OS 8.0 (all versions) **Description** A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. **Recommendations** For PAN-OS 7.1, update to version 7.1.26 or later. For PAN-OS 8.1, update to version 8.1.13 or later. For PAN-OS 9.0, update to version 9.0.7 or later. For PAN-OS 9.1, update to version 9.1.1 or later. For PAN-OS 8.0, consider upgrading to a newer version of PAN-OS, as all versions of 8.0 are affected.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions 8.1.0 through 8.1.12 Palo Alto Networks PAN-OS versions 9.0.0 through 9.0.6 **Description** A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. **Recommendations** For versions 8.1.0 through 8.1.12, update to version 8.1.13 or later. For versions 9.0.0 through 9.0.6, update to version 9.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 8.1.13 **Description** A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network-based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. **Recommendations** For PAN-OS versions prior to 8.1.13, update to PAN-OS 8.1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the Panorama management interfaces to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 8.1.9 and earlier PAN-OS versions 9.0.3 and earlier **Description** The issue is related to memory corruption in the PAN-OS system, which can be caused by an administrative user rekeying the current client interactive session. This can lead to arbitrary memory corruption. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to cause memory corruption or a denial of service. **Recommendations** For PAN-OS versions 8.1.9 and earlier, update to a version later than 8.1.9 to resolve the issue. For PAN-OS versions 9.0.3 and earlier, update to a version later than 9.0.3 to resolve the issue. As a temporary workaround, consider restricting the ability of administrative users to rekey the current client interactive session until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1.24 and earlier PAN-OS versions 8.0.19 and earlier PAN-OS versions 8.1.9 and earlier PAN-OS versions 9.0.3 and earlier **Description** The issue is caused by a memory corruption vulnerability that allows a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. This can be achieved by exploiting a buffer overflow operation in memory. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For PAN-OS versions 7.1.24 and earlier, update to a version later than 7.1.24 to resolve the issue. For PAN-OS versions 8.0.19 and earlier, update to a version later than 8.0.19 to resolve the issue. For PAN-OS versions 8.1.9 and earlier, update to a version later than 8.1.9 to resolve the issue. For PAN-OS versions 9.0.3 and earlier, update to a version later than 9.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the Secure Shell Daemon (SSHD) to minimize the risk of exploitation.