CVE-2022-0024

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 8.1 through 8.1.22 Palo Alto Networks PAN-OS versions 9.0 through 9.0.15 Palo Alto Networks PAN-OS versions 9.1 through 9.1.12 Palo Alto Networks PAN-OS versions 10.0 through 10.0.9 Palo Alto Networks PAN-OS versions 10.1 through 10.1.4

Description A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers.

Recommendations For PAN-OS 8.1 versions earlier than 8.1.23, update to version 8.1.23 or later. For PAN-OS 9.0 versions earlier than 9.0.16, update to version 9.0.16 or later. For PAN-OS 9.1 versions earlier than 9.1.13, update to version 9.1.13 or later. For PAN-OS 10.0 versions earlier than 10.0.10, update to version 10.0.10 or later. For PAN-OS 10.1 versions earlier than 10.1.5, update to version 10.1.5 or later.