PAN-OS: Authentication Bypass in the Management Web Interface Disclosed and Patched
Summary
CVE-2025-0108 is an authentication bypass in the management web interface of Palo Alto Networks PAN-OS. An unauthenticated attacker with network access to the management interface can bypass the authentication the interface normally requires and invoke certain PHP scripts. This does not by itself lead to remote code execution, but it can compromise the integrity and confidentiality of the affected device.
To reduce risk, Palo Alto Networks recommends restricting access to the management interface to trusted internal IP addresses. The fix for affected PAN-OS versions is to upgrade to a patched release (listed below). Cloud NGFW and Prisma Access are not affected, and Palo Alto Networks is not aware of any malicious exploitation of this issue.
Affected Systems and/or Applications
- PAN-OS 10.1.14 and prior
- PAN-OS 10.2.13 and prior
- PAN-OS 11.0 (EoL), all versions; no fixed build is available for this branch
- PAN-OS 11.1.6 and prior
- PAN-OS 11.2.4 and prior
Mitigation/Solution
Palo Alto Networks recommends restricting access to the management interface to trusted internal IP addresses, in line with its deployment best practices. Patched versions are available for the following PAN-OS branches:
- PAN-OS 10.1 Upgrade to 10.1.14-h9 or later
- PAN-OS 10.2 Upgrade to 10.2.13-h3 or later
- PAN-OS 11.0 (EoL) Upgrade to a supported fixed version
- PAN-OS 11.1 Upgrade to 11.1.6-h1 or later
- PAN-OS 11.2 Upgrade to 11.2.4-h4 or later
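Because several of the fixes above are hotfix builds (the `-hN` suffix), a plain string comparison of version numbers will misclassify installs such as 10.1.14 against 10.1.14-h9. The following Python script is added here as a worked example; it is not part of the Palo Alto Networks advisory or the CFC's own tooling. It encodes the fixed versions listed above, treats the EoL 11.0 branch as affected in every build, and classifies PAN-OS version strings, including ones pulled from the `sw-version:` field of `show system info` CLI output. The inventory data and hostnames are constructed placeholders, not captured from real firewalls.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed versions from the advisory above. An install is affected when its
# version sorts below the fix on the same major.minor branch.
FIXED_VERSIONS = {
    "10.1": "10.1.14-h9",
    "10.2": "10.2.13-h3",
    "11.1": "11.1.6-h1",
    "11.2": "11.2.4-h4",
}
# Branches the advisory lists as end-of-life with no fixed build:
# every version on these branches is treated as affected.
EOL_BRANCHES = {"11.0"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(s: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' or 'MAJOR.MINOR.PATCH-hN' into a sortable tuple.

    A release with no hotfix suffix sorts as hotfix 0, so 10.1.14 < 10.1.14-h9.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {s!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def assess(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one PAN-OS version string."""
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    if branch in EOL_BRANCHES:
        return "affected"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Branch not covered by this advisory; do not guess either way.
        return "not listed"
    return "affected" if v < parse_version(fixed) else "fixed"


def sw_version_from_system_info(output: str) -> Optional[str]:
    """Pull the 'sw-version:' field out of 'show system info' CLI output."""
    for line in output.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    return None


# Constructed sample inventory (hostname -> 'show system info' output).
# Hostnames and values are placeholders, not real devices.
SAMPLE_INVENTORY = {
    "fw-edge-01": "hostname: fw-edge-01\nsw-version: 10.1.14\nmodel: PA-3220\n",
    "fw-edge-02": "hostname: fw-edge-02\nsw-version: 10.2.13-h3\n",
    "fw-dc-01":   "hostname: fw-dc-01\nsw-version: 11.0.4-h5\n",
    "fw-lab-01":  "hostname: fw-lab-01\nsw-version: 11.1.6-h1\n",
    "fw-old-01":  "hostname: fw-old-01\nmodel: PA-220\n",  # no version line
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify every device in the inventory; flag output with no version field."""
    results = {}
    for host, output in inventory.items():
        ver = sw_version_from_system_info(output)
        results[host] = "no version found" if ver is None else assess(ver)
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Feed `triage()` the real `show system info` output collected from each device (or from Panorama) in place of the constructed sample; anything reported as "not listed" is on a branch this advisory does not cover and should be checked against the vendor's security advisories rather than assumed safe.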
What the Cyber Fusion Center is Doing
The CFC will continue to monitor the situation and will send an advisory update if needed. Clients subscribed to our vulnerability scanning services will receive results for this issue as soon as the scan provider releases a detection plugin and a critical finding is identified within the scope of their scans.
- Qualys IDs: 732239, 732237
- Tenable IDs: