CVE-2022-0023: Improper Handling of Exceptional Conditions in Palo Alto Networks PAN-OS

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.8% (top 26.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13; latest update Aug 9

Description

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

NVD | paloaltonetworks/pan-os | 8.1.0 | 8.1.22 | +4
CVEListV5 | palo_alto_networks/pan-os | 8.1 | 8.1.22 | +4
Palo Alto | paloalto/pan-os

🔴 Vulnerability Details (2)

GHSA (2022-04-14): GHSA-x983-h22q-4r7v: An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a medd
CVEList (2022-04-13): PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

📋 Vendor Advisories (2)

VMware (2022-08-09): VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)
Palo Alto (2022-04-13): PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
CVE-2022-0023 — Palo Alto Networks Pan-os vulnerability | cvebase