Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed

Palo Alto Networks (PAN) published nine security advisories for a series of vulnerabilities affecting PAN-OS, a custom operating system (OS) found in PAN’s next-generation firewalls. Below is a comment from Rody Quinlan, Security Response Manager, Tenable. A further analysis can be found in this blog.

“CVE-2020-2040, a buffer overflow vulnerability, is a major concern because PAN-OS is, fundamentally, the guardian between an organisation’s network and the outside world. Successful exploitation could allow an attacker to disrupt system processes, which includes preventing the firewall from doing its job. This would allow an attacker to essentially gain control of the organisation’s firewall rules too. In layman’s terms, an attacker could break down a line of defence to, or within, the network or rewrite the rules and decide who does or does not have access.

It’s important not to panic as there is no evidence that this vulnerability has been exploited in the wild and, for now, there is no proof-of-concept code available. However, as is often the case with this type of serious vulnerability, that could change at any moment. That, combined with the number of publicly accessible PAN-OS devices and the potential risk, means organisations running affected versions of PAN-OS should take the threat seriously and upgrade to a fixed version as soon as possible.” – Rody Quinlan, Security Response Manager at Tenable.
