Palo Alto Networks PAN-OS Improper Input Neutralization Vulnerability in Management Web Interface Allowing Administrator Impersonation

Vulnerability

An improper input neutralization vulnerability has been identified in the management web interface of Palo Alto Networks PAN-OS software. It enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. Exploitation requires network access to the management web interface.

Impact

Successful exploitation allows an authenticated administrator to impersonate another administrator, potentially leading to unauthorized actions or access within the PAN-OS environment.

Remediation

Administrators are advised to upgrade to PAN-OS versions 11.2.5, 11.1.8, 10.2.13, or 10.1.14-h14. For all other PAN-OS versions that are no longer supported, upgrade to a supported fixed version. Additionally, restrict management web interface access to trusted internal IP addresses, following Palo Alto Networks' critical deployment guidelines.
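The remediation above is a version check per release branch, including a hotfix-suffixed release (10.1.14-h14). The following script is an added example, not Palo Alto Networks' code, that parses PAN-OS version strings and triages a device inventory against the fixed versions listed in this advisory. The inventory and hostnames are constructed, and it assumes that a later maintenance release on a fixed branch carries the fix (so 10.1.15 counts as fixed even though only 10.1.14-h14 is named); branches not listed here are reported separately, matching the advisory's "upgrade to a supported fixed version" advice.

```python
"""Triage PAN-OS versions against the fixed releases named in the advisory.

Added example: parses 'major.minor.maint[-hN]' strings, compares them to the
per-branch fixed release, and buckets a constructed inventory accordingly.
"""
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases from the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], str] = {
    (11, 2): "11.2.5",
    (11, 1): "11.1.8",
    (10, 2): "10.2.13",
    (10, 1): "10.1.14-h14",
}

# PAN-OS versions look like 10.1.14 or 10.1.14-h14 (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse a PAN-OS version into a comparable (major, minor, maint, hotfix) tuple.

    A release without a hotfix suffix is treated as hotfix 0, so 10.1.14 sorts
    before 10.1.14-h14 and after 10.1.13-h99.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_fixed(version: str) -> Optional[bool]:
    """Return True if `version` is at or beyond the fixed release for its branch,
    False if it is older (vulnerable), and None if the branch is not one of the
    four fixed branches in the advisory (assumption: treat as 'upgrade to a
    supported fixed version')."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return None
    # Assumption: later maintenance releases on a fixed branch include the fix.
    return parsed >= parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hostname -> version pairs into fixed / vulnerable / unlisted_branch."""
    buckets: Dict[str, List[str]] = {"fixed": [], "vulnerable": [], "unlisted_branch": []}
    for host, version in sorted(inventory.items()):
        status = is_fixed(version)
        if status is None:
            buckets["unlisted_branch"].append(host)
        elif status:
            buckets["fixed"].append(host)
        else:
            buckets["vulnerable"].append(host)
    return buckets


# Constructed sample inventory (hypothetical hostnames, not from the advisory).
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-edge-01": "11.2.5",
    "fw-edge-02": "11.2.4",
    "fw-dc-01": "10.1.14-h14",
    "fw-dc-02": "10.1.14-h13",
    "fw-dc-03": "10.1.14",
    "fw-lab-01": "11.0.3",  # branch not listed in the advisory
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:16s} {', '.join(hosts) or '-'}")
```

The version check only tells you which devices still need the upgrade; restricting the management web interface to trusted internal addresses is a separate device configuration change that this script does not make.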

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          5.7
impact          5.0
exploitability  4.4
remediation     7.9
relevance       0.0
threat          0.0
urgency         5.7
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.