Versio.io

CVE-2022-0011

Common vulnerabilities & exposures (CVE)

Published at: 10-02-2022 07:15
Last modified: 17-02-2022 02:41
Total changes: 2

Description

PAN-OS software provides options to exclude specific websites from URL category enforcement, so that those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile.

When an entry in one of these lists has a hostname pattern that does not end with a forward slash (/), or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top-level domain. This may inadvertently allow or block more URLs than intended, and allowing more URLs than intended represents a security risk. For example:

  • example.com will match example.com.website.test
  • example.com.* will match example.com.website.test
  • example.com.^ will match example.com.test

Take special care when using such entries in policy rules that allow traffic. Where possible, use an exact list of hostnames ending with a forward slash (/) instead of wildcards.

The following versions do not allow customers to change this behavior without changing the URL category list or EDL:

  • PAN-OS 10.1 versions earlier than PAN-OS 10.1.3
  • PAN-OS 10.0 versions earlier than PAN-OS 10.0.8
  • PAN-OS 9.1 versions earlier than PAN-OS 9.1.12
  • all PAN-OS 9.0 versions
  • PAN-OS 8.1 versions earlier than PAN-OS 8.1.21
  • Prisma Access 2.2 and 2.1 versions
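As an added example (not code from the advisory, Versio.io, or Palo Alto Networks), the following Python models the matching rules the description states, so that a custom URL category list or EDL can be linted for entries that allow more than intended before they are used in an allow rule. The matcher is an assumption derived only from the description above, not the vendor's actual implementation; in particular the caret (^) is modelled as exactly one extra DNS label, and the sample allow-list and probe URLs are constructed.

```python
"""Linter for custom URL category / EDL entries, modelled on the matching
rules described for CVE-2022-0011.

Added example, not vendor code. Assumed semantics, taken only from the
advisory text:
  - entry ends with "/"  -> exact hostname match, any path under it
  - entry ends with "*"  -> prefix match on the URL (the "*" is dropped)
  - entry ends with "^"  -> matches any top-level domain (assumption: exactly
                            one extra DNS label after the pattern)
  - anything else        -> prefix match on the URL
"""
from urllib.parse import urlsplit


def normalize(url: str):
    """Return (host, path) for a URL or bare hostname, lower-cased, scheme dropped."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


def pattern_matches(pattern: str, url: str) -> bool:
    """Does a list entry match this URL under the modelled PAN-OS rules?"""
    host, path = normalize(url)
    target = host + path                      # e.g. "example.com/login"
    pattern = pattern.lower()
    if pattern.endswith("/"):
        # Recommended form: exact hostname, so "example.com/" does not
        # match "example.com.website.test" or "example.company".
        return host == pattern[:-1]
    if pattern.endswith("^"):
        # Caret: any top-level domain, e.g. "example.com.^" matches
        # "example.com.test" (modelled as exactly one additional label).
        base = pattern[:-1]
        rest = host[len(base):]
        return host.startswith(base) and rest != "" and "." not in rest
    if pattern.endswith("*"):
        pattern = pattern[:-1]
    # No trailing "/" (or a trailing "*"): any URL that starts with the
    # pattern is a match, which is the over-matching the advisory warns about.
    return target.startswith(pattern)


def lint_entries(entries):
    """Return (entry, problem, suggestion) for each entry that can over-match."""
    findings = []
    for entry in entries:
        if entry.endswith("/"):
            continue                          # exact-host form: nothing to report
        if entry.endswith("^"):
            problem = "trailing '^' matches any top-level domain"
            fix = "list each intended hostname explicitly, ending with '/'"
        elif entry.endswith("*"):
            problem = "trailing '*' is a prefix match on the URL"
            fix = "list each intended hostname explicitly, ending with '/'"
        else:
            problem = "no trailing '/': prefix match on the URL"
            fix = f"use '{entry}/'"
        findings.append((entry, problem, fix))
    return findings


def over_matches(entry: str, intended_hosts, probe_urls):
    """URLs whose host is outside intended_hosts but which the entry still matches."""
    return [u for u in probe_urls
            if pattern_matches(entry, u) and normalize(u)[0] not in intended_hosts]


# Constructed sample: an allow-list meant to cover only example.com, and a few
# probe URLs of the kind a proxy log might contain (all made up for this example).
SAMPLE_ALLOW_LIST = ["example.com", "example.com.*", "example.com.^", "example.com/"]
INTENDED_HOSTS = {"example.com"}
PROBE_URLS = [
    "https://example.com/login",
    "https://example.com.website.test/",
    "https://example.com.test/",
    "https://example.company/",
]

if __name__ == "__main__":
    for entry, problem, fix in lint_entries(SAMPLE_ALLOW_LIST):
        extra = over_matches(entry, INTENDED_HOSTS, PROBE_URLS)
        print(f"{entry:16} {problem}; {fix}")
        print(f"{'':16} unintended matches: {extra}")
```

Running the script reports every entry except `example.com/` and lists, for each, the constructed probe URLs it would allow beyond the intended host; note that the bare `example.com` entry also matches `example.company`, since the prefix rule compares the URL string, not DNS labels. The same linting can be pointed at an exported EDL before the list is attached to a URL Filtering profile.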

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Base score: 6.5
Exploitability score: 2.8
Impact score: 3.6

Verification logic

OR
  OR
    vendor=paloaltonetworks AND product=pan-os AND versionStartIncluding=8.1.0 AND versionEndExcluding=8.1.21
    vendor=paloaltonetworks AND product=pan-os AND versionEndIncluding=9.0.15 AND versionStartIncluding=9.0.0
    vendor=paloaltonetworks AND product=pan-os AND versionStartIncluding=9.1.0 AND versionEndExcluding=9.1.12
    vendor=paloaltonetworks AND product=pan-os AND versionStartIncluding=10.0.0 AND versionEndExcluding=10.0.8
    vendor=paloaltonetworks AND product=pan-os AND versionStartIncluding=10.1.0 AND versionEndExcluding=10.1.3
  OR
    vendor=paloaltonetworks AND product=prisma_access AND version=2.1 AND software_edition=innovation
    vendor=paloaltonetworks AND product=prisma_access AND version=2.1 AND software_edition=preferred
    vendor=paloaltonetworks AND product=prisma_access AND version=2.2 AND software_edition=preferred

Reference

  • N/A (Mitigation, Vendor Advisory)

Keywords

NVD, CVE-2022-0011, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
