CVE-2022-0030: 
PAN-OS vulnerability analysis and mitigation

An authentication bypass vulnerability (CVE-2022-0030) was discovered in the Palo Alto Networks PAN-OS 8.1 web interface. The vulnerability was disclosed on October 12, 2022, affecting PAN-OS 8.1 versions prior to 8.1.24. This critical security flaw allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions (Palo Alto, CVE).

The vulnerability has been assigned a CVSSv3.1 Base Score of 8.1 (HIGH) with the following characteristics: Attack Vector: NETWORK, Attack Complexity: HIGH, Privileges Required: NONE, User Interaction: NONE, Scope: UNCHANGED, and Impact levels (Confidentiality, Integrity, and Availability) all rated as HIGH. The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) (Palo Alto).

If exploited, this vulnerability allows attackers to bypass authentication mechanisms and impersonate existing PAN-OS administrators, potentially gaining full administrative access to perform privileged actions on the affected systems. This could lead to complete compromise of the firewall or Panorama appliance's security controls (Palo Alto).

The vulnerability has been fixed in PAN-OS 8.1.24 and all later PAN-OS versions. For customers with a Threat Prevention subscription, known attacks can be blocked by enabling Threat ID 92720 (Applications and Threats content update 8630-7638). Additionally, organizations can mitigate the impact by following best practices for securing the PAN-OS web interface and limiting network access to the web interface (Palo Alto).