A buffer overflow vulnerability has been identified in the IKEv2 processing of Palo Alto Networks PAN-OS software. This vulnerability allows an unauthenticated, network-based attacker to execute arbitrary code with elevated privileges on the firewall or to cause a denial-of-service condition. The issue affects PAN-OS versions 11.1, 11.2, and 12.1, with specific vulnerable subversions. Notably, Panorama, Cloud NGFW, and Prisma Access are not impacted by this vulnerability.
Exploitation of this vulnerability could lead to arbitrary code execution with elevated privileges on the affected firewall, or cause a denial-of-service condition.
Users can upgrade to the latest versions of PAN-OS 11.1, 11.2, or 12.1, depending on their current version. For those using IKEv2 VPN, it is recommended to configure VPN tunnels with NIST-approved Post Quantum Cryptography ciphers.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
