Palo Alto Alert
3483Warning Date
Severity Level
Warning Number
Target Sector
10 February, 2022
● High
2022-4360
All
Description:
Palo Alto has released security updates to address multiple vulnerabilities in the following products:
- GlobalProtect App 5.2 < 5.2.9 on Windows and MacOS
- GlobalProtect App 5.3 < 5.3.2 on Linux
- GlobalProtect App 5.2 <= 5.2.7 on Linux
- GlobalProtect App 5.1 < 5.1.10 on Linux, Windows and MacOS
- PAN-OS 10.1 < 10.1.3
- PAN-OS 10.0 < 10.0.8
- PAN-OS 9.1 < 9.1.12
- PAN-OS 9.0 9.0.*
- PAN-OS 8.1 < 8.1.21
- Prisma Access 2.2 Preferred
- Prisma Access 2.1 Preferred, Innovation
- Cortex XSOAR 6.2.0 < 1958888
- Cortex XSOAR 6.1.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Unauthorized disclosure of information
- Cross-site scripting (XSS)
- Escalation of privilege
Best practice and Recommendations:
The CERT team encourages users to review Palo Alto security advisory and apply the necessary updates:
- https://security.paloaltonetworks.com/CVE-2022-0021
- https://security.paloaltonetworks.com/CVE-2022-0019
- https://security.paloaltonetworks.com/CVE-2022-0018
- https://security.paloaltonetworks.com/CVE-2022-0011
- https://security.paloaltonetworks.com/CVE-2022-0020
- https://security.paloaltonetworks.com/CVE-2022-0017
- https://security.paloaltonetworks.com/CVE-2022-0016