430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. The most severe flaw is a buffer overflow issue can be exploited […]

Palo Alto Networks Palo Alto Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS FlawGlobalProtect CVE-2026-0257

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

The most severe flaw is a buffer overflow issue can be exploited by a remote, unauthenticated attacker to disrupt system processes and possibly to execute arbitrary code with root permissions.

The vulnerability, tracked as CVE-2020-2040, could be exploited by sending specially crafted requests to the Multi-Factor Authentication (MFA) interface or the Captive Portal.

“A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.” reads the advisory published by the vendor.

The flaw received a CVSS score of 9.8, it impacts all versions of PAN-OS 8.0, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, PAN-OS 9.1 versions earlier than PAN-OS 9.1.3..

Another severe flaw addressed by the company is Reflected Cross-Site Scripting (XSS) issue in PAN-OS, tracked as CVE-2020-2036, that resides in the management web interface.

“A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.” reads the advisory. “A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions.”

The flaw received a CVSS score of 8.8, it affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.16 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.

Palo Alto Networks also addressed a Management web interface denial-of-service (DoS) issue in PAN-OS, which is tracked as CVE-2020-2041.

“An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.” reads the advisory. “Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.”

The full list of vulnerabilities addressed by the company is available here.

Palo Alto Networks says it’s not aware of attacks in the wild exploiting the able vulnerabilities.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Palo Alto Networks)

[adrotate banner=”5″]

[adrotate banner=”13″]