CISA KEV 정보
| 취약점명 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability |
|---|---|
| 설명 | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-306 |
| 등록일 (KEV) | 2025-02-18 |
| 조치 기한 | 2025-03-11 |
| 추가 참고 | https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108 |
NVD 상세 정보
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:RedCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N설명: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
CWE: CWE-306 | CWE-306
참조
- https://security.paloaltonetworks.com/CVE-2025-0108 [Exploit, Vendor Advisory]
- https://github.com/iSee857/CVE-2025-0108-PoC [Exploit, Third Party Advisory]
- https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ [Exploit, Press/Media Coverage]
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/ [Press/Media Coverage, Third Party Advisory]
- https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild [Press/Media Coverage, Third Party Advisory]
- https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/ [Press/Media Coverage, Third Party Advisory]
- https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ [Press/Media Coverage, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.