Palo Alto Networks has disclosed a critical vulnerability (CVE-2025-010) in its PAN-OS software that could allow attackers to bypass authentication on the management web interface.
This flaw, which has been assigned a CVSS Base Score of 8.8, poses a significant risk to organizations using affected versions of PAN-OS.
The vulnerability stems from an authentication bypass issue in the PAN-OS management web interface. An unauthenticated attacker with network access to the interface could exploit this flaw to invoke certain PHP scripts without proper authentication.
While this does not allow remote code execution, it could compromise the integrity and confidentiality of the system.
The issue is classified as CWE-306 (Missing Authentication for Critical Function) and CAPEC-115 (Authentication Bypass). Palo Alto Networks has emphasized that this vulnerability does not affect its Cloud NGFW or Prisma Access solutions.
Affected Versions
The vulnerability impacts specific versions of PAN-OS:
| PAN-OS Version | Affected | Unaffected |
|---|---|---|
| PAN-OS 11.2 | < 11.2.4-h4 | >= 11.2.4-h4 |
| PAN-OS 11.1 | < 11.1.6-h1 | >= 11.1.6-h1 |
| PAN-OS 10.2 | < 10.2.13-h3 | >= 10.2.13-h3 |
| PAN-OS 10.1 | < 10.1.14-h9 | >= 10.1.14-h9 |
PAN-OS version 11.0 has reached its end of life (EOL) as of November 17, 2024, and no fixes are planned for this release.
Exploitation Risk and Mitigation
The risk is highest on systems where the management web interface is reachable from untrusted networks or the internet, either directly or through a dataplane interface with a management profile enabled.
To mitigate this risk, Palo Alto Networks recommends restricting access to trusted internal IP addresses and following best practices for securing administrative access.
Organizations are urged to:
- Upgrade affected systems to fixed versions as outlined above.
- Restrict access to the management web interface to trusted internal IP addresses only.
- Implement a “jump box” system as an intermediary for accessing the management interface.
- Enable Threat IDs 510000 and 510001 through a Threat Prevention subscription to block potential attacks.
Palo Alto Networks has stated that, at the time of disclosure, it is not aware of any malicious exploitation of this vulnerability in the wild.
While the vulnerability is rated as HIGH severity, Palo Alto Networks suggests a MODERATE urgency for remediation, given that exploitation requires specific configurations (e.g., internet-facing management interfaces). However, organizations are strongly advised to act promptly to secure their systems.
To identify potentially vulnerable assets, customers can review their devices via the Assets section of Palo Alto Networks’ Customer Support Portal. Devices flagged with “PAN-SA-2024-0015” should be prioritized for remediation.
The post Palo Alto PAN-OS 0-Day Vulnerability Let Attackers Bypass Web Interface Authentication appeared first on Cyber Security News.