CVE-2022-0023

Summary

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS10.2.*unaffected
Palo Alto NetworksPAN-OS8.1 < 8.1.22affected
Palo Alto NetworksPAN-OS9.1 < 9.1.13affected
Palo Alto NetworksPAN-OS10.1 < 10.1.5affected
Palo Alto NetworksPAN-OS10.0 < 10.0.10affected
Palo Alto NetworksPAN-OS9.0 < 9.0.16affected
Palo Alto NetworksPrisma Access3.0 Preferred, Innovationunaffected
Palo Alto NetworksPrisma Access2.2 Preferredunaffected
Palo Alto NetworksPrisma Access2.1 Preferred, Innovationunaffected

Weaknesses

  • CWE-755: CWE-755 Improper Handling of Exceptional Conditions

Workarounds

Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556).

To completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version.

ADP Enrichment

CVE Program Container

Additional References

References