OpenCVE

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0023

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-04-13T18:35:10.474819Z

Updated: 2024-09-16T19:05:33.962Z

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0023

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-13T19:15:09.057

Modified: 2024-11-21T06:37:50.410

Link: CVE-2022-0023

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "10.2.*"}, {"changes": [{"at": "8.1.22", "status": "unaffected"}], "lessThan": "8.1.22", "status": "affected", "version": "8.1", "versionType": "custom"}, {"changes": [{"at": "9.1.13", "status": "unaffected"}], "lessThan": "9.1.13", "status": "affected", "version": "9.1", "versionType": "custom"}, {"changes": [{"at": "10.1.5", "status": "unaffected"}], "lessThan": "10.1.5", "status": "affected", "version": "10.1", "versionType": "custom"}, {"changes": [{"at": "10.0.10", "status": "unaffected"}], "lessThan": "10.0.10", "status": "affected", "version": "10.0", "versionType": "custom"}, {"changes": [{"at": "9.0.16", "status": "unaffected"}], "lessThan": "9.0.16", "status": "affected", "version": "9.0", "versionType": "custom"}]}, {"product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "3.0 Preferred, Innovation"}, {"status": "unaffected", "version": "2.2 Preferred"}, {"status": "unaffected", "version": "2.1 Preferred, Innovation"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to PAN-OS hardware and virtual firewalls with the DNS proxy feature enabled. You can verify whether DNS proxy is enabled by selecting 'Network > DNS Proxy\u2019 from the web interface."}], "credits": [{"lang": "en", "value": "This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}], "datePublic": "2022-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-13T18:35:10", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0023"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.22, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions."}], "source": {"defect": ["PAN-164264"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-04-13T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy", "workarounds": [{"lang": "en", "value": "Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556).\n\nTo completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-04-13T16:00:00.000Z", "ID": "CVE-2022-0023", "STATE": "PUBLIC", "TITLE": "PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.22"}, {"version_affected": "<", "version_name": "9.1", "version_value": "9.1.13"}, {"version_affected": "<", "version_name": "10.1", "version_value": "10.1.5"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.22"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.13"}, {"version_affected": "!>=", "version_name": "10.1", "version_value": "10.1.5"}, {"version_affected": "!", "version_name": "10.2", "version_value": "10.2.*"}, {"version_affected": "<", "version_name": "10.0", "version_value": "10.0.10"}, {"version_affected": "!>=", "version_name": "10.0", "version_value": "10.0.10"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.16"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.16"}]}}, {"product_name": "Prisma Access", "version": {"version_data": [{"version_affected": "!", "version_name": "3.0", "version_value": "Preferred, Innovation"}, {"version_affected": "!", "version_name": "2.2", "version_value": "Preferred"}, {"version_affected": "!", "version_name": "2.1", "version_value": "Preferred, Innovation"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to PAN-OS hardware and virtual firewalls with the DNS proxy feature enabled. You can verify whether DNS proxy is enabled by selecting 'Network > DNS Proxy\u2019 from the web interface."}], "credit": [{"lang": "eng", "value": "This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755 Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0023", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0023"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.22, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions."}], "source": {"defect": ["PAN-164264"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-04-13T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556).\n\nTo completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version."}], "x_advisoryEoL": false, "x_affectedList": ["PAN-OS 10.1.4", "PAN-OS 10.1.3", "PAN-OS 10.1.2", "PAN-OS 10.1.1", "PAN-OS 10.1.0", "PAN-OS 10.1", "PAN-OS 10.0.9", "PAN-OS 10.0.8", "PAN-OS 10.0.7", "PAN-OS 10.0.6", "PAN-OS 10.0.5", "PAN-OS 10.0.4", "PAN-OS 10.0.3", "PAN-OS 10.0.2", "PAN-OS 10.0.1", "PAN-OS 10.0.0", "PAN-OS 10.0", "PAN-OS 9.1.12", "PAN-OS 9.1.11", "PAN-OS 9.1.9", "PAN-OS 9.1.8", "PAN-OS 9.1.7", "PAN-OS 9.1.6", "PAN-OS 9.1.5", "PAN-OS 9.1.4", "PAN-OS 9.1.3-h1", "PAN-OS 9.1.3", "PAN-OS 9.1.2-h1", "PAN-OS 9.1.2", "PAN-OS 9.1.1", "PAN-OS 9.1.0-h3", "PAN-OS 9.1.0-h2", "PAN-OS 9.1.0-h1", "PAN-OS 9.1.0", "PAN-OS 9.1", "PAN-OS 9.0.15", "PAN-OS 9.0.14-h4", "PAN-OS 9.0.14-h3", "PAN-OS 9.0.14-h2", "PAN-OS 9.0.14-h1", "PAN-OS 9.0.14", "PAN-OS 9.0.13", "PAN-OS 9.0.12", "PAN-OS 9.0.11", "PAN-OS 9.0.10", "PAN-OS 9.0.9-h1", "PAN-OS 9.0.9", "PAN-OS 9.0.8", "PAN-OS 9.0.7", "PAN-OS 9.0.6", "PAN-OS 9.0.5", "PAN-OS 9.0.4", "PAN-OS 9.0.3-h3", "PAN-OS 9.0.3-h2", "PAN-OS 9.0.3-h1", "PAN-OS 9.0.3", "PAN-OS 9.0.2-h4", "PAN-OS 9.0.2-h3", "PAN-OS 9.0.2-h2", "PAN-OS 9.0.2-h1", "PAN-OS 9.0.2", "PAN-OS 9.0.1", "PAN-OS 9.0.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.446Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2022-0023"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0023", "datePublished": "2022-04-13T18:35:10.474819Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-16T19:05:33.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC3526AD-4E39-4D8D-9265-1EB1948081D5", "versionEndExcluding": "8.1.22", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3757E3-17C0-4D42-A31A-78F40A774F41", "versionEndExcluding": "9.0.16", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AB9A952-7A40-40C9-A8B4-2227F18555B4", "versionEndExcluding": "9.1.13", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B2FCE56-9375-4F9A-8E4F-1573B64665CA", "versionEndExcluding": "10.0.10", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EDCD5AD-A5F9-41CE-8D23-53C2457FFFD9", "versionEndExcluding": "10.1.5", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de manejo inapropiado de condiciones excepcionales en la funci\u00f3n de proxy DNS del software PAN-OS de Palo Alto Networks que permite a un atacante de tipo meddler-in-the-middle (MITM) enviar tr\u00e1fico espec\u00edficamente dise\u00f1ado al firewall que causa un reinicio no esperado del servicio. Los intentos repetidos de enviar esta petici\u00f3n resultan en una denegaci\u00f3n de servicio a todos los servicios de PAN-OS, reiniciando el dispositivo en modo de mantenimiento. Este problema no afecta a dispositivos de Panorama ni a clientes de Prisma Access. Este problema afecta a: PAN-OS versiones anteriores a 8.1.22; PAN-OS 9.0 versiones anteriores a PAN-OS 9.0.16; PAN-OS 9.1 versiones anteriores a PAN-OS 9.1.13; PAN-OS 10.0 versiones anteriores a PAN-OS 10.0.10; PAN-OS 10.1 versiones anteriores a PAN-OS 10.1.5. Este problema no afecta a PAN-OS versi\u00f3n 10.2"}], "id": "CVE-2022-0023", "lastModified": "2024-11-21T06:37:50.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-13T19:15:09.057", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0023"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}