
Security experts at Positive Technologies found a set of four vulnerabilities in PAN-OS, the operating system from Palo Alto Networks. The next-generation firewall (NGFW) from Palo Alto Networks is the leading corporate firewall used to protect businesses worldwide from many cyber threats. It runs on its own operating system, PAN-OS.
The vulnerabilities detected could lead to arbitrary OS command execution by an authorized user (CVE-2020-2037 and CVE-2020-2038), denial of service by an unauthorized user (CVE-2020-2039), and reflected cross-site scripting (XSS) (CVE-2020-2036). CVE-2020-2037 was caused by the absence of user input filtering. These flaws could have led to remote code execution (RCE), but exploitation was limited to authorized users, which reduces the overall risk. These vulnerabilities allow an attacker to acquire access to sensitive information, to interrupt the availability of firewall components, or to access internal network segments.
A black box examination of the firewall's web control interface found that the first vulnerability was caused by a lack of user input filtering. PHP scripts handle user requests and pass all the relevant data to a service listening on a local port. That service searches the data and returns the findings to the user of the web application.
“Using these vulnerabilities, an attacker can gain access to sensitive data, disrupt the availability of firewall components or gain access to internal network segments,” the researchers stated.
Unauthenticated users can carry out denial-of-service (DoS) attacks using a different vulnerability. Nginx is built into the firewall. The bug allows so many files to be uploaded to this server that no storage space is left. Without free disk space, the web control panel of the Palo Alto Networks NGFW is no longer available. This is effectively a denial of service, since the system as a whole cannot be used normally in this situation.
The fourth vulnerability was a reflected XSS flaw in the /unauth/php/change_password.php script. This script uses the user-controlled variable $_SERVER['PHP_SELF'].
All four bugs are fixed, but each affected different versions of PAN-OS, so the safest recommendation for sysadmins is to update to the latest supported version of the product.
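The general PHP pattern behind this class of bug, shown next to two hardened forms. This is an added illustration, not PAN-OS source code: the function names, the /app/form.php path and the sample request values are all constructed for the example.

```php
<?php
// Added illustration (not PAN-OS code). All names and values are hypothetical.

// Unsafe pattern: PHP_SELF contains any extra path the client appends after
// the script name, so writing it out raw puts request data into the markup.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode the value for an HTML attribute before writing it out.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME does not include the trailing path info.
// It is still encoded, so the output stays safe if the source changes later.
function form_action_script_name(array $server): string
{
    $name = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $name . '">';
}

// Constructed request: a harmless <b> marker is appended after the script
// name to show where client-supplied text ends up in each variant.
$server = [
    'SCRIPT_NAME' => '/app/form.php',
    'PHP_SELF'    => '/app/form.php/"><b>injected</b>',
];

$variants = [
    'unsafe'      => form_action_unsafe($server),
    'escaped'     => form_action_escaped($server),
    'script_name' => form_action_script_name($server),
];

foreach ($variants as $label => $html) {
    // A literal "<b>" in the output means the marker was emitted as markup.
    $leaks = strpos($html, '<b>') !== false;
    printf("%-12s %s  => %s\n", $label, $leaks ? 'MARKUP INJECTED' : 'inert', $html);
}
```

Only the unsafe variant emits the marker as live markup; the escaped variant renders it as inert text, and the SCRIPT_NAME variant never includes it.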