The detection of a severe vulnerability in PAN-OS, the operating system present in the solutions of the technological firm Palo Alto Networks, has been confirmed. According to the report, successful exploitation of the flaw could lead to severe attack scenarios.  

Tracked as CVE-2022-0022, this vulnerability exists because the software does not use enough computing resources to create password hashing for local user accounts. Local users with privileged access could exploit the flaw to crack other users’ passwords.

The vulnerability received a score of 3.6/10 under the Common Vulnerability Scoring System (CVSS) and appears to affect only firewalls and Panorama devices running in normal operating mode.

According to the report, the flaw resides in the following versions of Palo Alto PAN-OS: 10.0.0 – 10.0.6, 9.0 – 9.0.16, 9.1 – 9.1.10 and 8.1 – 8.1.20-h1.

As mentioned above, the flaw can only be exploited locally by threat actors with privileged access, which greatly reduces the risk of exploitation. Although no active exploitation attempts have been detected, Palo Alto security teams recommend that you install the appropriate updates as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.