Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Palo Alto PAN-OS

#VU55822 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Palo Alto PAN-OS

Published: 2021-08-12

Vulnerability identifier: #VU55822

Vulnerability risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3047

CWE-ID: CWE-338

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a remote user to impersonate sessions of other users.

The vulnerability exists due to usage of a weak pseudo-random number generator (PRNG) in PAN-OS web interface. A remote authenticated user with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance can impersonate another authenticated web interface administrator's session.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 10.0.0 - 10.0.3, 9.1.0 - 9.1.9, 9.0.0 - 9.0.13, 8.1.0 - 8.1.18

External links
http://security.paloaltonetworks.com/CVE-2021-3047

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Weak Cryptography in Palo Alto Networks PAN-OS