dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Avatar
info@thehackernews.com (The Hacker News)
February 13, 2025
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. “An authentication bypass in the Palo Alto Networks PAN-OS software enables an
Total
0
Shares
0
0
0
[[{“value”:”

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.

The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.

“An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” Palo Alto Networks said in an advisory.

“While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.”

The vulnerability affects the following versions –

PAN-OS 11.2 < 11.2.4-h4 (Fixed in >= 11.2.4-h4)
PAN-OS 11.1 < 11.1.6-h1 (Fixed in >= 11.1.6-h1)
PAN-OS 11.0 (Upgrade to a supported fixed version as it has reached end-of-life status on November 17, 2024)
PAN-OS 10.2 < 10.2.13-h3 (Fixed in >= 10.2.13-h3
PAN-OS 10.1 < 10.1.14-h9 (Fixed in >= 10.1.14-h9)

Searchlight Cyber/Assetnote security researcher Adam Kues, who is credited with discovering and reporting the flaw, said the security defect has to do with a discrepancy in how the interface’s Nginx and Apache components handle incoming requests, resulting in a directory traversal attack.

Palo Alto Networks has also shipped updates to resolve two other flaws –

CVE-2025-0109 (CVSS score: 5.5) – An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface that enables an attacker with network access to the management web interface to delete certain files as the “nobody” user, including limited logs and configuration files (Fixed in PAN-OS versions 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9)
CVE-2025-0110 (CVSS score: 7.3) – A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin that enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands (Fixed in PAN-OS OpenConfig Plugin version 2.1.2)

To mitigate the risk posed by the vulnerability, it’s highly advised to disable access to the management interface from the internet or any untrusted network. Customers who do not use OpenConfig can either choose to disable or uninstall the plugin from their instances.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

February 13, 2025
Next Post

AI and Security – A New Puzzle to Figure Out

February 13, 2025
Related Posts
10 min

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.
Avatar
info@thehackernews.com (The Hacker News)
December 23, 2024
Read More