CVE-2022-0011: Interpretation Conflict in Palo Alto Networks Prisma Access

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 46.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 10; latest update Feb 26

Description

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

Source | Package | Versions
CVEListV5 | palo_alto_networks/prisma_access | 2.1 Preferred, Innovation, 2.2 Preferred, +1 more
NVD | paloaltonetworks/pan-os | 8.1.0, 8.1.21, +4 more
CVEListV5 | palo_alto_networks/pan-os | 8.1, 8.1.21, +4 more

Vulnerability Details (2)

GHSA: GHSA-pc4w-x9p8-64j7: PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on yo… (2022-02-11)
CVEList: PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering (2022-02-10)

Exploits & PoCs (1)

Metasploit: VMware Workspace ONE Access VMSA-2022-0011 exploit chain

Vendor Advisories (3)

Red Hat: kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb (2025-02-26)
VMware: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities. (2022-04-06)
Palo Alto: PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering (2022-02-09)
Source: cvebase