Details of a series of bugs in Palo Alto Firewall Software, which the network provider addressed last September, were revealed by security researchers recently. The four-vulnerability swarm of bugs contains many bugs within, found by protection experts in Positive Technologies in the Palo Alto PAN-OS operating system. The next-generation firewall (NGFW) from Palo Alto Networks is the leading corporate firewall used to protect businesses from many cyber threats worldwide. It works with its own "PAN-OS" operating system.
Palo Alto Networks, Inc. is an American, international, Santa Clara, California-based, cybersecurity corporation. Its key offerings are a portal for integrated firewalls and cloud-based offers to broaden these firewalls into other security dimensions.
The vulnerabilities detected could lead to arbitrary OS command execution by an authorized user CVE-2020-2037 and CVE-2020-2038 – denial of service by an unauthorized user (CVE-2020-2039), and reflected cross-site scripting (XSS) (CVE-2020-2036). The weakness of CVE-2020-2037 was caused by the absence of user input filters. These may have contributed to remote code execution (RCE), but only pre-authorized users were limited to service, minimizing overall risk. These vulnerabilities allow an attacker to acquire access to sensitive information, to interrupt firewall component availability, or to access internal network segments. A black box examination of the web control interface of the firewall found, that the first vulnerability was triggered by a lack of user input filtering. PHP scripts manage user requests and transfers all data relating to a local port listening facility. It searches the data and returns the findings to the web application customer.
“Using these vulnerabilities, an attacker can gain access to sensitive data, disrupt the availability of firewall components or gain access to interna ..
Support the originator by clicking the read the rest link below.
