Ethical Hacking News
Palo Alto Networks has addressed a high-severity authentication bypass vulnerability in its PAN-OS software that could allow an unauthenticated attacker with network access to the management web interface to invoke certain PHP scripts. The vulnerability affects several versions of PAN-OS, prompting users to take proactive measures to secure their systems.
Palo Alto Networks has addressed a high-severity security flaw (CVE-2025-0108, CVSS score 7.8) that allows authentication bypass via a directory traversal attack. If the management interface can only be reached through a jump box, the severity drops from 7.8 to 5.1. The vulnerability stems from a discrepancy in how Nginx and Apache handle incoming requests, which leads to a potential directory traversal attack. Palo Alto Networks has also addressed two other vulnerabilities: CVE-2025-0109 (unauthenticated file deletion) with a CVSS score of 5.5, and CVE-2025-0110 (command injection) with a CVSS score of 7.3. To mitigate the risk, disable access to the management interface from untrusted networks and, if you use OpenConfig, consider disabling the plugin.
Palo Alto Networks has recently addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass, posing significant risks to organizations relying on the software for their network security needs. The vulnerability is tracked as CVE-2025-0108 and carries a CVSS score of 7.8 out of 10.0, which rates it as high severity. However, if access to the management interface is restricted to a jump box, the severity drops to 5.1.
The vulnerability in question occurs due to a discrepancy in how the PAN-OS software's Nginx and Apache components handle incoming requests, leading to a directory traversal attack. This allows an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.
Adam Kues, a security researcher at Searchlight Cyber/Assetnote who is credited with discovering and reporting this flaw, explained that the security defect stems from the aforementioned discrepancy in how Nginx and Apache handle incoming requests. This results in a directory traversal attack, enabling an attacker to bypass authentication and invoke PHP scripts.
Palo Alto Networks has taken proactive steps to address these vulnerabilities by shipping updates that fix CVE-2025-0108, as well as two other flaws: CVE-2025-0109 and CVE-2025-0110. The first of these, CVE-2025-0109, carries a CVSS score of 5.5 and involves an unauthenticated file deletion vulnerability in the PAN-OS management web interface that allows an attacker with network access to delete certain files as the "nobody" user, including limited logs and configuration files.
The second vulnerability, CVE-2025-0110, has a CVSS score of 7.3 and is a command injection vulnerability in the PAN-OS OpenConfig plugin that enables an authenticated administrator with the ability to make gNMI requests to bypass system restrictions and run arbitrary commands. This vulnerability has also been addressed through updates shipped by Palo Alto Networks.
To mitigate the risk posed by these vulnerabilities, organizations relying on PAN-OS are strongly advised to disable access to the management interface from the internet or any untrusted network. Customers who use OpenConfig can either disable or uninstall the plugin on their instances to minimize exposure to CVE-2025-0110.
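As a defender-side illustration of the directory traversal and jump-box points above, the following added example (not code from Palo Alto Networks or the researcher) triages management-interface access log lines for dot-segment paths and for sources outside the jump-box network. The log line layout, the jump-box range `10.20.30.0/28`, and the request paths are assumptions constructed for this example.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this jump-box network may reach the management interface.
ALLOWED_MGMT_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: one "<client-ip> <method> <request-target> <status>" entry per line.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so nested encodings (%252e -> %2e -> .) surface."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_dot_segment(target):
    """True if any path segment is '..' once every encoding layer is removed."""
    decoded = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))

def triage(line):
    """Return the findings for one log line; an empty list means nothing flagged."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    src, _method, target, _status = m.groups()
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ["unparsed"]
    findings = []
    if not any(addr in net for net in ALLOWED_MGMT_SOURCES):
        findings.append("source-outside-jump-box")
    if has_dot_segment(target):
        findings.append("dot-segment-in-path")
    return findings

# Constructed sample lines, not taken from any real device.
SAMPLE_LOG = [
    "10.20.30.5 GET /app/login 200",
    "10.20.30.5 GET /static/%2e%2e/app/page 200",
    "198.51.100.7 GET /static/%252e%252e/app/page 200",
    "198.51.100.7 GET /app/login 401",
]

def scan(lines):
    """Map each flagged line to its findings."""
    return {line: f for line in lines if (f := triage(line))}

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG).items():
        print(", ".join(findings), "<-", line)
```

Decoding before matching matters because a proxy and the server behind it may each remove a layer of encoding, so the check has to see the path as the last component in the chain would.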
In conclusion, the recent patch from Palo Alto Networks highlights the importance of regularly updating and securing one's network security software to protect against emerging threats. The vulnerabilities in question demonstrate how critical it is for organizations to stay vigilant and proactive in addressing potential security weaknesses in their software and systems.
Related Information:
https://thehackernews.com/2025/02/palo-alto-networks-patches.html
https://nvd.nist.gov/vuln/detail/CVE-2025-0108
https://www.cvedetails.com/cve/CVE-2025-0108/
https://nvd.nist.gov/vuln/detail/CVE-2025-0109
https://www.cvedetails.com/cve/CVE-2025-0109/
https://nvd.nist.gov/vuln/detail/CVE-2025-0110
https://www.cvedetails.com/cve/CVE-2025-0110/
Published: Thu Feb 13 05:57:47 2025 by llama3.2 3B Q4_K_M