Palo Alto Networks warns of critical remote code execution bug

Palo Alto Networks has identified a critical vulnerability in its PAN-OS operating system that could allow unauthenticated attackers to execute arbitrary code on devices with the highest-level root superuser privileges.

The buffer overflow vulnerability is present only when the device has either the Captive Portal enabled or multi-factor authentication configured, which allows attackers to send malicious requests to those features.

Assigned the Common Vulnerabilities and Exposures identifier CVE-2020-2040, the flaw is rated as critical with a score of 9.8 out of 10.

PAN-OS 10.0 is not affected by the vulnerability, but versions prior to 8.0, 8.1.15, 9.0.9 and 9.1.3 are, the company said in its security advisory.

Later versions of PAN-OS have resolved the issue.
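For an administrator triaging a fleet against this advisory, the useful question is whether a given PAN-OS release falls inside the affected ranges and whether the Captive Portal or MFA precondition is actually enabled. The script below is an added example, not code from Palo Alto Networks or from the article: it takes the fixed releases (8.1.15, 9.0.9, 9.1.3) and the "10.0 not affected" statement from the article, and it assumes that each fix applies to its own major.minor branch, that everything below 8.1 is affected (the article names no fixed 8.0 release), and that a hotfix suffix such as `-h1` can be treated as its base release. It goes slightly beyond the article by combining the version check with the two preconditions into a patched/latent/exposed classification over a constructed sample inventory.

```python
"""Check whether a PAN-OS release falls inside the CVE-2020-2040 affected ranges.

Added example, not code from Palo Alto Networks or from the article. The fixed
releases (8.1.15, 9.0.9, 9.1.3) and the "10.0 not affected" statement come from
the article; mapping each fix to its major.minor branch, and treating every
release below 8.1 as affected, are assumptions made here.
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, as listed in the advisory summary above.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (8, 1): (8, 1, 15),
    (9, 0): (9, 0, 9),
    (9, 1): (9, 1, 3),
}
FIRST_UNAFFECTED_BRANCH = (10, 0)


def parse_version(text: str) -> Version:
    """Turn '9.0.9', '8.1' or '9.1.3-h1' into a (major, minor, patch) tuple.

    Assumption: a hotfix suffix such as '-h1' is treated as its base release,
    since the article lists plain releases only.
    """
    base = text.strip().split("-", 1)[0]
    parts = [int(p) for p in base.split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected_version(text: str) -> bool:
    """True if the release predates the fix for its branch."""
    version = parse_version(text)
    branch = version[:2]
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return False
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        # 8.0 and earlier: no fixed release is named, so treat as affected (assumption).
        return True
    return version < fixed


def classify(text: str, captive_portal: bool, mfa: bool) -> str:
    """Combine the version check with the two preconditions named in the article.

    Returns one of:
      'patched' - release is not in an affected range
      'latent'  - affected release, but neither Captive Portal nor MFA is on,
                  so the vulnerable code path is not reachable
      'exposed' - affected release with Captive Portal or MFA enabled
    """
    if not is_affected_version(text):
        return "patched"
    if captive_portal or mfa:
        return "exposed"
    return "latent"


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version, captive_portal, mfa)
    inventory = [
        ("fw-edge-1", "9.0.8", True, False),
        ("fw-edge-2", "9.0.9", True, True),
        ("fw-lab", "8.1.14", False, False),
        ("fw-new", "10.0.1", True, True),
    ]
    for host, ver, cp, mfa in inventory:
        print(f"{host:10} {ver:8} {classify(ver, cp, mfa)}")
```

A "latent" device is still an upgrade candidate: the precondition only gates reachability today, and a later configuration change would turn it into "exposed" without any software change, so the version check should drive the patch schedule and the precondition should only drive the ordering.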

As yet, Palo Alto Networks is not aware of any active exploitation of the vulnerability.

Separately, security vendor Positive Technologies has published details of three other critical vulnerabilities fixed by Palo Alto Networks.

These include the CVE-2020-2036 cross-site scripting vulnerability with a score of 8.8, and the CVE-2020-2037 flaw that allows arbitrary PAN-OS commands to be injected and which has a 7.2 score, as does the CVE-2020-2038 flaw.

In June this year, Monash University infosec staff identified a 10 out of 10 rated critical vulnerability in PAN-OS that is easy to exploit with no user interaction required.

The June vulnerability was considered so critical that the United States Cyber Command issued a public alert, advising customers to patch their Palo Alto Networks devices immediately or face being attacked by nation-state hackers.