Firewall Flaw Grants Root Access to Network Edge Devices

An unauthenticated buffer overflow in the PAN-OS authentication portal allows remote attackers to execute arbitrary code with root privileges, with confirmed exploitation targeting exposed firewalls.

CSBadmin

Critical Vulnerability in PAN-OS Authentication Portal

A severe security flaw in Palo Alto Networks PAN-OS is actively being exploited to compromise enterprise firewalls. The vulnerability resides in the User-ID Authentication Portal and allows unauthenticated attackers to achieve arbitrary code execution with root privileges on affected devices. This weakness stems from a buffer overflow condition that can be triggered by sending specially crafted network packets to the exposed service.

Palo Alto Networks has confirmed limited exploitation in the wild, particularly targeting firewalls where the authentication portal is accessible from untrusted or public networks. Since these devices are often deployed at the network perimeter, a successful attack could give threat actors complete control over the firewall and provide a foothold to move laterally across the entire enterprise network.

Affected Versions and Risk Factors

The vulnerability impacts multiple PAN-OS release branches, including versions 10.2, 11.1, 11.2, and 12.1, before the patched builds. Exploitation is only possible when the User-ID Authentication Portal is enabled and configured with a management interface profile that has response pages enabled on an interface exposed to untrusted zones. Organizations that restrict portal access to trusted internal IP addresses face significantly lower risk.

The flaw carries a critical CVSS score, reflecting both the ease of remote exploitation and the severity of impact. Even where the portal is not directly exposed to the internet, attackers who already have a foothold on an adjacent network can exploit the vulnerability, lowering the effort required for lateral movement within a compromised environment. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this issue.

Patching and Mitigation Guidance

Palo Alto Networks has released security patches across all affected PAN-OS versions, with additional fixes scheduled for deployment. Organizations are strongly urged to apply these updates immediately to firewalls that have the authentication portal enabled. As an interim mitigation, administrators should restrict access to the User-ID Authentication Portal to trusted internal networks and disable the service on internet-facing interfaces if it is not required for business operations.
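The exposure condition described above (response pages enabled on an interface management profile, attached to an interface in an untrusted zone, with no permitted-IP restriction) can be checked offline against a configuration export. The following audit script is an added example and is not code from Palo Alto Networks or from the article's source; the XML layout it walks (`network/profiles/interface-management-profile`, `network/interface/ethernet`, `vsys/entry/zone`) and the element names `response-pages` and `permitted-ip` are assumptions about the PAN-OS config schema, and the embedded sample configuration is constructed for the demonstration.

```python
"""Audit a PAN-OS-style configuration export for interfaces that expose the
User-ID Authentication Portal (response pages) to untrusted zones.

Added example, not vendor code. The XML layout and element names below are
assumptions about the PAN-OS config schema; the sample config is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: three management profiles, three interfaces, two zones.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain">
    <network>
      <profiles><interface-management-profile>
        <entry name="allow-portal-any">
          <response-pages>yes</response-pages>
        </entry>
        <entry name="allow-portal-internal">
          <response-pages>yes</response-pages>
          <permitted-ip><entry name="10.0.0.0/8"/></permitted-ip>
        </entry>
        <entry name="mgmt-only">
          <response-pages>no</response-pages>
          <ssh>yes</ssh>
        </entry>
      </interface-management-profile></profiles>
      <interface><ethernet>
        <entry name="ethernet1/1"><layer3>
          <interface-management-profile>allow-portal-any</interface-management-profile>
        </layer3></entry>
        <entry name="ethernet1/2"><layer3>
          <interface-management-profile>allow-portal-internal</interface-management-profile>
        </layer3></entry>
        <entry name="ethernet1/3"><layer3>
          <interface-management-profile>mgmt-only</interface-management-profile>
        </layer3></entry>
      </ethernet></interface>
    </network>
    <vsys><entry name="vsys1"><zone>
      <entry name="untrust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="trust"><network><layer3><member>ethernet1/2</member><member>ethernet1/3</member></layer3></network></entry>
    </zone></entry></vsys>
  </entry></devices>
</config>"""


def _yes(elem):
    """True when an element holds the PAN-OS boolean value 'yes'."""
    return elem is not None and (elem.text or "").strip().lower() == "yes"


def load_profiles(root):
    """Map profile name -> {response_pages: bool, permitted_ips: [cidr, ...]}."""
    profiles = {}
    for entry in root.iterfind(".//network/profiles/interface-management-profile/entry"):
        profiles[entry.get("name")] = {
            "response_pages": _yes(entry.find("response-pages")),
            "permitted_ips": [e.get("name") for e in entry.iterfind("permitted-ip/entry")],
        }
    return profiles


def interface_profiles(root):
    """Map interface name -> attached interface management profile name."""
    mapping = {}
    for entry in root.iterfind(".//network/interface/ethernet/entry"):
        prof = entry.find("layer3/interface-management-profile")
        if prof is not None and prof.text:
            mapping[entry.get("name")] = prof.text.strip()
    return mapping


def interface_zones(root):
    """Map interface name -> security zone name."""
    zones = {}
    for zone in root.iterfind(".//vsys/entry/zone/entry"):
        for member in zone.iterfind("network/layer3/member"):
            zones[member.text.strip()] = zone.get("name")
    return zones


def find_exposed_portals(xml_text, untrusted_zones=("untrust",)):
    """Return one finding per interface whose profile enables response pages.

    critical: untrusted zone and no permitted-ip restriction (the exploitable
              configuration described in the advisory)
    medium:   untrusted zone but source-restricted by permitted-ip
    low:      response pages enabled only towards a trusted zone
    """
    root = ET.fromstring(xml_text)
    profiles, zones = load_profiles(root), interface_zones(root)
    findings = []
    for iface, prof_name in sorted(interface_profiles(root).items()):
        prof = profiles.get(prof_name)
        if not prof or not prof["response_pages"]:
            continue  # portal not served on this interface
        zone = zones.get(iface, "unassigned")
        untrusted = zone in untrusted_zones
        if untrusted and not prof["permitted_ips"]:
            severity = "critical"
        elif untrusted:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"interface": iface, "zone": zone, "profile": prof_name,
                         "permitted_ips": prof["permitted_ips"], "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_exposed_portals(SAMPLE_CONFIG):
        print(f"{f['severity']:8} {f['interface']:12} zone={f['zone']:8} "
              f"profile={f['profile']} permitted-ip={f['permitted_ips'] or 'ANY'}")
```

On a real export, pass the file contents to `find_exposed_portals` and treat every `critical` line as an interface to fix before (and after) patching: either attach a profile with `response-pages` disabled, or add `permitted-ip` entries for the internal ranges that legitimately need the portal. Name additional untrusted zones via the `untrusted_zones` argument if the deployment uses other labels.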

Source: Cyber Security News
