CVE-2022-0024
Published 2022-05-11
Priority: P3 · 46 · high · 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.40% (69.1th percentile)
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0 < 10.0.10 | 10.0.10 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.5 | 10.1.5 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.23 | 8.1.23 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.16 | 9.0.16 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.13 | 9.1.13 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.10 | 10.0.10 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.5 | 10.1.5 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.23 | 8.1.23 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.16 | 9.0.16 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.13 | 9.1.13 |
CVSS provenance
nvd · v3.1 · 7.2 · HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.0 · CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
VMware
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
vendor_vmware·2022-08-23·CVSS 7.8
CVE-2022-31676 [HIGH] VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
VMSA-2022-0024: VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.0.
CVEs: CVE-2022-31676
Affected products: VMware Tools
Palo Alto
PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
vendor_paloalto·2022-05-11·CVSS 7.2
CVE-2022-0024 [HIGH] CWE-138 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls.
This issue does not impact Panorama appliances or Prisma Access customers.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.23, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions.
Workaround: This issue requires the attacker to have authenticated access to the PAN-OS management int
GHSA
GHSA-3pp8-2gww-9cc2: A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically
ghsa_unreviewed·2022-05-12
CVE-2022-0024 [HIGH] GHSA-3pp8-2gww-9cc2: A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-11