QID 730909
Date Published: 2023-09-27
QID 730909: Palo Alto Networks (PAN-OS) Denial of Service (DoS) Vulnerability in BGP Software (PAN-227523)
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
Affected Versions:
PAN-OS 11.0 versions earlier than PAN-OS 11.0.3
PAN-OS 10.2 versions earlier than PAN-OS 10.2.6
PAN-OS 10.1 versions earlier than PAN-OS 10.1.11
PAN-OS 9.1 versions earlier than PAN-OS 9.1.16
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS
NOTE:This QID is marked as Practice as this issue is applicable only to devices and appliances that are configured with BGP router features enabled.
BGP software such as FRRouting FRR included as part of the PAN-OS and Prisma SD-WAN ION routing features enable a remote attacker to incorrectly reset network sessions though an invalid BGP update. This issue is applicable only to devices and appliances with BGP routing features enabled.
You can prevent exploitation of this issue by inserting an unimpacted BGP router configured to drop the invalid BGP update instead of propagating it between the attacker-originated BGP update and the PAN-OS or Prisma SD-WAN ION router. This stops the invalid BGP update from reaching the affected router.
- PAN-227523 -
security.paloaltonetworks.com/CVE-2023-38802
CVEs related to QID 730909
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| PAN-227523 |
security.paloaltonetworks.com/CVE-2023-38802 |