A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
10.2.18-h610.2.7-h3410.2.10-h3610.2.13-h2110.2.16-h711.1.1511.1.4-h3311.1.6-h3211.1.7-h611.1.10-h25+7 moreExploitability
AV:AAC:LAT:NPR:NUI:NVulnerable System
VC:HVI:HVA:HSubsequent System
SC:LSI:LSA:N8.7/CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:RedMemory Safety