2025-01-15 Update. Shulou (Shulou.com), 05/31 report.
This article explains how to use Qualys VMDR to automatically identify the PAN-OS buffer overflow vulnerability. Many readers may not be familiar with the topic, so the main points are summarized below.
Preface
On September 9, 2020, Palo Alto Networks researchers issued nine security bulletins and fixed security vulnerabilities in PAN-OS v8.0 and earlier versions. One of these vulnerabilities is CVE-2020-2040, which scored 9.8 on the CVSS v3 scoring system and is rated critical.
PAN-OS devices are vulnerable to CVE-2020-2040 when the Captive Portal or multi-factor authentication interface is enabled. If the vulnerability is exploited successfully, an unauthenticated attacker can obtain root privileges by sending malicious requests to the PAN-OS device. The vulnerability is marked as high-risk for two main reasons: first, it does not require any authentication; second, it allows an attacker to disrupt system processes and inject arbitrary code.
According to Shodan search results, there are currently more than 5,000 PAN-OS devices active on the network and directly accessible from the Internet. According to Qualys' internal analysis, only 4% of these devices have a fix installed, so organizations need to take this vulnerability seriously and fix it as soon as possible.
In addition to CVE-2020-2040, Palo Alto Networks fixed the following vulnerabilities:
Affected Products:
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
Identify Asset Security with Qualys VMDR
The first step in managing vulnerabilities and mitigating their security impact is identifying the assets at risk, and Qualys VMDR can help researchers identify PAN-OS systems.
After identifying the host, Qualys VMDR will use a dynamic label to classify the host and label it "CVE-2020-2040."
Detecting the PAN-OS Buffer Overflow Vulnerability CVE-2020-2040
Once the PAN-OS hosts have been identified, we need to detect these assets and flag vulnerabilities. VMDR can automatically detect new vulnerabilities such as CVE-2020-2040 based on the vulnerability database. We can use the following QQL query statement to view assets marked "CVE-2020-2040":
vulnerabilities.vulnerability.qid:13975
The query above will return a list of all affected hosts:
QID 13975 is available in signature version VULNSIGS-2.4.986-2 and later and can be detected using authenticated scanning. In addition to QID 13975, Qualys also published the following QIDs in the vulnerability knowledge base to help identify PAN-OS vulnerabilities:
QID 13975: Palo Alto Networks PAN-OS Buffer Overflow Vulnerability
QID 13971: Palo Alto Networks PAN-OS Reflective XSS Vulnerability
QID 13977: Palo Alto Networks PAN-OS Denial of Service Vulnerability
QID 13972: Palo Alto Networks PAN-OS Command Injection Vulnerability
QID 13973: Palo Alto Networks PAN-OS Command Injection Vulnerability
QID 13978: Palo Alto Networks PAN-OS Management Web Interface Buffer Overflow Vulnerability
QID 13974: Palo Alto Networks PAN-OS Management Web Interface Denial of Service Vulnerability
QID 13979: Palo Alto Networks PAN-OS Information Disclosure Vulnerability
QID 13980: Palo Alto Networks PAN-OS Information Disclosure Vulnerability
With VMDR, CVE-2020-2040 can be prioritized using the following real-time threat indicators:
Remote code execution;
Denial of service;
Big data breach;
Lateral movement;
Exploit;
In most cases, researchers only need to click an affected asset to view the details of the vulnerability and the host.
Tracking vulnerabilities through dashboards
By using VMDR dashboards, we can track PAN-OS vulnerabilities and the status of affected hosts and manage them in real time:
Solutions
Users are advised to upgrade as soon as possible to PAN-OS v8.1.15, PAN-OS v9.0.9, or PAN-OS v9.1.3, or to a later release.
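As an added example (not code from Qualys, Palo Alto Networks or the original article), the Python script below triages an inventory export against the fixed releases named above and the Captive Portal / MFA precondition. The inventory layout, host names, the `portal_or_mfa` field and the status strings are assumptions made for illustration.

```python
import re

# Minimum fixed maintenance release per branch, from the article's Solutions section.
FIXED = {(8, 1): 15, (9, 0): 9, (9, 1): 3}
# Listed under Affected Products, but the article names no fixed release for it.
AFFECTED_NO_FIX = {(8, 0)}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse 'major.minor.maint' with an optional '-hN' hotfix suffix."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def triage(version, portal_or_mfa_enabled):
    """Classify one device for CVE-2020-2040 using only the article's data."""
    major, minor, maint, _hotfix = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        # A hotfix on an older maintenance release (8.1.14-h2) is still below 8.1.15.
        if maint >= FIXED[branch]:
            return "patched"
    elif branch not in AFFECTED_NO_FIX:
        return "not-listed"  # branch the article does not cover
    # Unpatched: exposure depends on Captive Portal or MFA being enabled.
    return "vulnerable-exposed" if portal_or_mfa_enabled else "vulnerable-not-exposed"

# Constructed sample inventory; host names and the boolean field are assumptions.
SAMPLE = [
    {"host": "fw-edge-01", "version": "8.1.14-h2", "portal_or_mfa": True},
    {"host": "fw-edge-02", "version": "9.0.9-h1", "portal_or_mfa": True},
    {"host": "fw-lab-01", "version": "9.1.2", "portal_or_mfa": False},
    {"host": "fw-old-01", "version": "8.0.20", "portal_or_mfa": True},
]

def triage_inventory(rows):
    """Return {host: status}; an unparseable version is reported, not dropped."""
    result = {}
    for row in rows:
        try:
            result[row["host"]] = triage(row["version"], row["portal_or_mfa"])
        except ValueError:
            result[row["host"]] = "unparsed-version"
    return result

if __name__ == "__main__":
    print(triage_inventory(SAMPLE))
```

Devices reported as "vulnerable-not-exposed" still need the upgrade, since enabling Captive Portal or MFA later would expose them.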