Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-0023
HistoryApr 13, 2022 - 7:15 p.m.

CVE-2022-0023

2022-04-1319:15:09
CWE-755
[email protected]
web.nvd.nist.gov
2
palo alto networks
pan-os
dns proxy

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.8%

JSON

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2.

Affected configurations

Nvd
Node
paloaltonetworkspan-osRange8.1.08.1.22
OR
paloaltonetworkspan-osRange9.0.09.0.16
OR
paloaltonetworkspan-osRange9.1.09.1.13
OR
paloaltonetworkspan-osRange10.0.010.0.10
OR
paloaltonetworkspan-osRange10.1.010.1.5
VendorProductVersionCPE
paloaltonetworkspan-os*cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Related

paloalto 1
prion 1
cvelist 1
nessus 1
cve 1
paloalto
paloalto
PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
2022-04-13 16:00:00
prion
prion
Design/Logic Flaw
2022-04-13 19:15:00
cvelist
cvelist
CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
2022-04-13 18:35:10
nessus
nessus
Palo Alto Networks PAN-OS 8.1.x < 8.1.22 / 9.0.x < 9.0.16 / 9.1.x < 9.1.13 / 10.0.x < 10.0.10 / 10.1.x < 10.1.5 Vulnerability
2022-04-13 00:00:00
cve
cve
CVE-2022-0023
2022-04-13 19:15:09

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.8%

JSON
Related for NVD:CVE-2022-0023
paloalto1prion1cvelist1nessus1cve1