QID 730448

Date Published: 2022-04-14

QID 730448: Palo Alto Networks (PAN-OS) Denial of Service (DoS) Vulnerability (PAN-164264)

PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode.

Affected Versions:
PAN-OS 10.1 versions earlier than PAN-OS 10.1.5
PAN-OS 10.0 versions earlier than PAN-OS 10.0.10
PAN-OS 9.1 versions earlier than PAN-OS 9.1.13
PAN-OS 9.0 versions earlier than PAN-OS 9.0.16
PAN-OS 8.1 versions earlier than PAN-OS 8.1.22


QID Detection Logic (Authenticated):

This QID looks for the vulnerable version of PAN-OS

NOTE:This issue is applicable only to PAN-OS hardware and virtual firewalls with the DNS proxy feature enabled. You can verify whether DNS proxy is enabled by selecting 'Network > DNS Proxy from the web interface.

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode.

  • CVSS V3 rated as Medium - 5.9 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
    • Solution

    Refer to PAN-164264 for more information about patching this vulnerability.



    Workaround:
    Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556). To completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version.

    Vendor References

    CVEs related to QID 730448

    CVE-2022-0023 |
    Software Advisories
    Advisory ID Software Component Link
    PAN-164264 URL Logo security.paloaltonetworks.com/CVE-2022-0023
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].