Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): Low
- Integrity (Subsequent System): Low
- Availability (Subsequent System): None
- E: Adjacent
- AU: Y
- R: Unchanged
- V: Changed
- RE: M
- U: Red
Affected products
- Palo Alto Networks / Cloud NGFW All – All
- Palo Alto Networks / pan-os 12.1.6 – 12.1.6
- Palo Alto Networks / pan-os 12.1.5 – 12.1.5
- Palo Alto Networks / pan-os 12.1.4 – 12.1.4
- Palo Alto Networks / pan-os 12.1.3 – 12.1.3
- Palo Alto Networks / pan-os 12.1.2 – 12.1.2
- Palo Alto Networks / pan-os 11.2.11 – 11.2.11
- Palo Alto Networks / pan-os 11.2.10 – 11.2.10
- Palo Alto Networks / pan-os 11.2.9 – 11.2.9
- Palo Alto Networks / pan-os 11.2.8 – 11.2.8
- Palo Alto Networks / pan-os 11.2.7 – 11.2.7
- Palo Alto Networks / pan-os 11.2.6 – 11.2.6
- Palo Alto Networks / pan-os 11.2.5 – 11.2.5
- Palo Alto Networks / pan-os 11.2.4 – 11.2.4
- Palo Alto Networks / pan-os 11.2.3 – 11.2.3
- Palo Alto Networks / pan-os 11.2.2 – 11.2.2
- Palo Alto Networks / pan-os 11.2.1 – 11.2.1
- Palo Alto Networks / pan-os 11.2.0 – 11.2.0
- Palo Alto Networks / pan-os 11.1.13 – 11.1.13
- Palo Alto Networks / pan-os 11.1.12 – 11.1.12
- Palo Alto Networks / pan-os 11.1.11 – 11.1.11
- Palo Alto Networks / pan-os 11.1.10 – 11.1.10
- Palo Alto Networks / pan-os 11.1.9 – 11.1.9
- Palo Alto Networks / pan-os 11.1.8 – 11.1.8
- Palo Alto Networks / pan-os 11.1.6 – 11.1.6
- Palo Alto Networks / pan-os 11.1.5 – 11.1.5
- Palo Alto Networks / pan-os 11.1.4 – 11.1.4
- Palo Alto Networks / pan-os 11.1.3 – 11.1.3
- Palo Alto Networks / pan-os 11.1.2 – 11.1.2
- Palo Alto Networks / pan-os 11.1.1 – 11.1.1
- Palo Alto Networks / pan-os 11.1.0 – 11.1.0
- Palo Alto Networks / pan-os 10.2.18 – 10.2.18
- Palo Alto Networks / pan-os 10.2.17 – 10.2.17
- Palo Alto Networks / pan-os 10.2.16 – 10.2.16
- Palo Alto Networks / pan-os 10.2.15 – 10.2.15
- Palo Alto Networks / pan-os 10.2.14 – 10.2.14
- Palo Alto Networks / pan-os 10.2.13 – 10.2.13
- Palo Alto Networks / pan-os 10.2.12 – 10.2.12
- Palo Alto Networks / pan-os 10.2.11 – 10.2.11
- Palo Alto Networks / pan-os 10.2.10 – 10.2.10
- Palo Alto Networks / pan-os 10.2.9 – 10.2.9
- Palo Alto Networks / pan-os 10.2.8 – 10.2.8
- Palo Alto Networks / pan-os 10.2.7 – 10.2.7
- Palo Alto Networks / pan-os 10.2.6 – 10.2.6
- Palo Alto Networks / pan-os 10.2.5 – 10.2.5
- Palo Alto Networks / pan-os 10.2.4 – 10.2.4
- Palo Alto Networks / pan-os 10.2.3 – 10.2.3
- Palo Alto Networks / pan-os 10.2.2 – 10.2.2
- Palo Alto Networks / pan-os 10.2.1 – 10.2.1
- Palo Alto Networks / pan-os 10.2.0 – 10.2.0
- Palo Alto Networks / Prisma Access All – All