PAN-OS: Integer underflow in the management interface

2020-07-08T16:00:00
ID PA-CVE-2020-2031
Type paloalto
Reporter Palo Alto Networks Product Security Incident Response Team
Modified 2020-07-08T16:00:00

Description

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.

Work around: This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.