Palo Alto Networks Patches Critical Authentication Bypass Vulnerability in PAN-OS
Palo Alto Networks has released security updates to address a high-severity authentication bypass vulnerability in its PAN-OS software, identified as CVE-2025-0108. This flaw could allow an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts, potentially compromising the integrity and confidentiality of the system.
Details of the Vulnerability
The vulnerability arises from improper validation of user-supplied data in the management web interface of PAN-OS. Exploitation of this flaw enables attackers to bypass authentication mechanisms and access specific PHP scripts. While this does not permit remote code execution, it poses significant risks to system integrity and data confidentiality.
Affected Versions
The following PAN-OS versions are affected:
- PAN-OS 11.2 versions prior to 11.2.4-h4
- PAN-OS 11.1 versions prior to 11.1.6-h1
- PAN-OS 10.2 versions prior to 10.2.13-h3
- PAN-OS 10.1 versions prior to 10.1.14-h9
It's important to note that PAN-OS 11.0 has reached end-of-life status as of November 17, 2024, and users are advised to upgrade to a supported version.
Recommended Actions
Palo Alto Networks strongly recommends that users upgrade to the latest fixed versions to mitigate this vulnerability. Additionally, it's advised to restrict access to the management web interface to trusted internal IP addresses, following best practice deployment guidelines. This measure significantly reduces the risk of exploitation.
Conclusion
Organizations utilizing Palo Alto Networks' PAN-OS are urged to promptly apply the recommended updates and implement access restrictions to safeguard against potential threats arising from this vulnerability.