CVE-2022-0022
PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.
Uso de un algoritmo criptográfico débil en el software PAN-OS de Palo Alto Networks en el que los hashes de las contraseñas de las cuentas de administrador y de usuario local no se crean con un nivel de esfuerzo computacional suficiente, lo que permite realizar ataques de descifrado de contraseñas en las cuentas en modo operativo normal (no FIPS-CC). Un atacante debe tener acceso a los hashes de las contraseñas de las cuentas para aprovechar esta debilidad y puede adquirir esos hashes si consigue acceder a la configuración del software PAN-OS. Las versiones corregidas del software PAN-OS utilizan un algoritmo criptográfico seguro para los hashes de las contraseñas de las cuentas. Este problema no afecta a los cortafuegos Prisma Access. Este problema afecta a: Las versiones de PAN-OS 8.1 anteriores a PAN-OS 8.1.21; todas las versiones de PAN-OS 9.0; las versiones de PAN-OS 9.1 anteriores a PAN-OS 9.1.11; las versiones de PAN-OS 10.0 anteriores a PAN-OS 10.0.7
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-28 CVE Reserved
- 2022-03-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-916: Use of Password Hash With Insufficient Computational Effort
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0022 | 2022-03-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.21 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.21" | - |
Affected
| ||||||
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 <= 9.0.15 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 <= 9.0.15" | - |
Affected
| ||||||
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.11 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.11" | - |
Affected
| ||||||
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 10.0.0 < 10.0.7 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 10.0.0 < 10.0.7" | - |
Affected
| ||||||