Palo Alto PAN-OS up to 8.1.22/9.0.15/9.1.12/10.0.9/10.1.4 Configuration Privilege Escalation

A vulnerability classified as critical has been found in Palo Alto PAN-OS up to 8.1.22/9.0.15/9.1.12/10.0.9/10.1.4 (Firewall Software). The issue affects unknown code in the Configuration Handler component. Upgrading to version 8.1.23, 9.0.16, 9.1.13, 10.0.10 or 10.1.5 eliminates this vulnerability.

| Field | 05/12/2022 12:50 PM | 05/14/2022 04:32 PM | 05/14/2022 04:39 PM |
| --- | --- | --- | --- |
| cvss3_cna_av | N | N | N |
| cvss3_cna_ac | L | L | L |
| cvss3_cna_pr | H | H | H |
| cvss3_cna_ui | N | N | N |
| cvss3_cna_s | U | U | U |
| cvss3_cna_c | H | H | H |
| cvss3_cna_i | H | H | H |
| cvss3_cna_a | H | H | H |
| url | https://security.paloaltonetworks.com/CVE-2022-0024 | https://security.paloaltonetworks.com/CVE-2022-0024 | https://security.paloaltonetworks.com/CVE-2022-0024 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 8.1.23/9.0.16/9.1.13/10.0.10/10.1.5 | 8.1.23/9.0.16/9.1.13/10.0.10/10.1.5 | 8.1.23/9.0.16/9.1.13/10.0.10/10.1.5 |
| cve | CVE-2022-0024 | CVE-2022-0024 | CVE-2022-0024 |
| cve_assigned | 1640646000 | 1640646000 | 1640646000 |
| cve_cna | Palo Alto Networks, Inc. | Palo Alto Networks, Inc. | Palo Alto Networks, Inc. |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| type | Firewall Software | Firewall Software | Firewall Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_cna_basescore | 7.2 | 7.2 | 7.2 |
| cvss2_vuldb_basescore | 8.3 | 8.3 | 8.3 |
| cvss2_vuldb_tempscore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_basescore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_tempscore | 6.9 | 6.9 | 6.9 |
| cvss3_meta_basescore | 7.2 | 7.2 | 7.2 |
| cvss3_meta_tempscore | 7.0 | 7.0 | 7.0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| vendor | Palo Alto | Palo Alto | Palo Alto |
| name | PAN-OS | PAN-OS | PAN-OS |
| version | <=8.1.22/9.0.15/9.1.12/10.0.9/10.1.4 | <=8.1.22/9.0.15/9.1.12/10.0.9/10.1.4 | <=8.1.22/9.0.15/9.1.12/10.0.9/10.1.4 |
| component | Configuration Handler | Configuration Handler | Configuration Handler |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
cve_nvd_summary: A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.
cwe00138