An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pan-os | Paloaltonetworks | 8.1.0 (including) | 8.1.20 (excluding) |
| Pan-os | Paloaltonetworks | 9.0.0 (including) | 9.0.14 (excluding) |
| Pan-os | Paloaltonetworks | 9.1.0 (including) | 9.1.11 (excluding) |
| Pan-os | Paloaltonetworks | 10.0.0 (including) | 10.0.8 (excluding) |
Access control involves the use of several protection mechanisms such as:
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the product by gaining privileges, reading sensitive information, executing commands, evading detection, etc. There are two distinct behaviors that can introduce access control weaknesses: