CVE Vulnerability Details: CVE-2022-0030
PUBLISHED
Assigner: palo_alto
Assigner Org ID: d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At: 12 Oct, 2022 | 16:30
Updated At: 15 May, 2025 | 14:00
CVE Numbering Authority (CNA)
PAN-OS: Authentication Bypass in Web Interface

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

Affected Products
Vendor
Palo Alto Networks, Inc.
Product
PAN-OS
Versions
Affected
  • From 8.1 before 8.1.24 (custom)
    • -> unaffected from 8.1.24
Unaffected
  • 9.0 All
  • 9.1 All
  • 10.1 All
  • 10.2 All
  • 10.0 All
Vendor
Palo Alto Networks, Inc.
Product
Cloud NGFW
Versions
Unaffected
  • All
Vendor
Palo Alto Networks, Inc.
Product
Prisma Access
Versions
Unaffected
  • All
Problem Types
Type | CWE ID | Description
CWE | CWE-290 | CWE-290 Authentication Bypass by Spoofing
Metrics
Version | Base score | Base severity | Vector
3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Solutions

This issue is fixed in PAN-OS 8.1.24 and all later PAN-OS versions. Please note that PAN-OS 8.1 has reached its software end-of-life (EoL) and is supported only on PA-200, PA-500, and PA-5000 Series firewalls and on M-100 appliances and only until each of their respective hardware EoL dates: https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates.html.

Workarounds

Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat ID 92720 (Applications and Threats content update 8630-7638). To exploit this issue, the attacker must have network access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

Palo Alto Networks thanks the security researcher that discovered and reported this issue.
Timeline
Event | Date
Initial publication | 2022-10-12 00:00:00
References
Hyperlink | Resource
https://security.paloaltonetworks.com/CVE-2022-0030 | N/A
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink | Resource
https://security.paloaltonetworks.com/CVE-2022-0030 | x_transferred
2. CISA ADP Vulnrichment
Details not found