Palo Alto PAN-OS Security Update
Date of Notice: 10/13/2022
Action Level - High
Palo Alto has released a security update to address a high severity vulnerability in the PAN-OS 8.1 web interface. If exploited, this vulnerability could allow an attacker to impersonate an administrator and perform privileged actions.
- PAN-OS: versions prior to 8.1.24
Any attacker with network access to the management interface can exploit this vulnerability. This could be an external bad actor interacting with public-facing devices or an internal bad actor interacting with any device they have network access to. To exploit this vulnerability, the attacker would need to have specific knowledge of the target device.
There is currently no exploit available.
Exploitation requires network access to the PAN-OS web interface, so restricting access to only needed source IPs can partially mitigate this vulnerability. For more information, review the document on securing admin access below.
Though there is an update available for PAN-OS 8.1, this version has reached end of life and Palo Alto recommends updating to a current supported version.
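The following triage script is an added example, not part of the original notice or any Palo Alto tooling. It flags inventory entries running an 8.1 release prior to 8.1.24 and ranks them by how widely the management interface allow-list is open. The inventory format, device names, addresses and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress
import re

FIXED = (8, 1, 24)  # fixed 8.1 release named in the notice

def parse_version(text):
    """Parse a PAN-OS version such as '8.1.23-h1' into (major, minor, maint)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    """True for 8.1 releases prior to 8.1.24; a hotfix suffix does not change this."""
    v = parse_version(version)
    return v[:2] == FIXED[:2] and v[2] < FIXED[2]

def mgmt_exposure(permitted, max_hosts=256):
    """Classify a management-interface source allow-list.
    max_hosts is an assumed review threshold, not a vendor value."""
    if not permitted:
        # Assumption: an empty allow-list means any source can reach the web UI.
        return "unrestricted"
    nets = [ipaddress.ip_network(p, strict=False) for p in permitted]
    if any(n.num_addresses > max_hosts for n in nets):
        return "broad"
    return "restricted"

def triage(inventory):
    """Return (name, exposure) for affected devices, most exposed first."""
    rank = {"unrestricted": 0, "broad": 1, "restricted": 2}
    rows = [(d["name"], mgmt_exposure(d["permitted"]))
            for d in inventory if is_affected(d["version"])]
    return sorted(rows, key=lambda r: (rank[r[1]], r[0]))

# Constructed sample inventory (hypothetical device names and addresses).
INVENTORY = [
    {"name": "fw-branch-01", "version": "8.1.23-h1", "permitted": ["10.20.0.0/28"]},
    {"name": "fw-dmz-01", "version": "8.1.20", "permitted": []},
    {"name": "fw-core-01", "version": "8.1.24", "permitted": ["10.0.0.0/8"]},
    {"name": "fw-lab-01", "version": "8.1.19", "permitted": ["0.0.0.0/0"]},
    {"name": "fw-hq-01", "version": "10.1.6", "permitted": []},
]

if __name__ == "__main__":
    for name, exposure in triage(INVENTORY):
        print(f"{name}: affected, management access {exposure}")
```

Devices reported as `unrestricted` or `broad` are the ones where tightening the source allow-list gives the most immediate reduction in exposure while the upgrade is scheduled.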