<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>PAN-OS &lt; 11.2.10-H11 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/pan-os--11.2.10-h11/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 08 Jul 2026 16:14:04 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/pan-os--11.2.10-h11/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface</title><link>https://feed.craftedsignal.io/briefs/2026-07-panos-ssrf/</link><pubDate>Wed, 08 Jul 2026 16:14:04 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-panos-ssrf/</guid><description>A server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-0285, exists in the management web interface of Palo Alto Networks PAN-OS software, allowing an authenticated administrator with network access to make unauthorized requests from the firewall to internal services, potentially leading to information disclosure or further network compromise.</description><content:encoded><![CDATA[<p>Palo Alto Networks has disclosed CVE-2026-0285, a Server-Side Request Forgery (SSRF) vulnerability affecting their PAN-OS software's management web interface. This issue, internally discovered, enables an authenticated administrator with network access to the management interface to force the firewall to make unauthorized requests to internal services. While currently unreported as being maliciously exploited, the vulnerability carries a medium severity rating. Its risk is elevated if the management interface is directly exposed to the internet or untrusted networks, contrary to best practices. Versions of PAN-OS 10.2, 11.1, 11.2, and 12.1 are affected by this flaw, which could facilitate network reconnaissance or bypass internal network segmentation. Panorama, Cloud NGFW, and Prisma® Access products are not impacted.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Access</strong>: An attacker gains authenticated access to the Palo Alto Networks PAN-OS management web interface, likely through stolen credentials (T1078) or a prior compromise.</li>
<li><strong>Vulnerability Exploitation</strong>: The authenticated administrator crafts a malicious request leveraging the SSRF vulnerability (CVE-2026-0285, CWE-918) within the PAN-OS management web interface.</li>
<li><strong>Firewall-Initiated Request</strong>: The vulnerable PAN-OS firewall is tricked into initiating an arbitrary HTTP/S request from its own network context to a target specified by the attacker.</li>
<li><strong>Internal Network Access</strong>: The firewall, acting as an unwitting proxy, makes the unauthorized request to an internal service or host that is typically not directly reachable by the attacker's client.</li>
<li><strong>Information Disclosure/Service Interaction</strong>: The firewall processes the response from the internal service and potentially relays sensitive information or the results of service interaction back to the authenticated administrator via the management interface.</li>
<li><strong>Lateral Movement/Reconnaissance</strong>: The attacker uses the disclosed information or the ability to interact with internal services to conduct further reconnaissance, identify vulnerable internal systems, or bypass network segmentation, leading to deeper network compromise.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-0285 could enable an authenticated administrator to bypass network segmentation controls, conduct internal network reconnaissance, or interact with sensitive internal services that would otherwise be inaccessible. While no malicious exploitation has been reported, this could lead to unauthorized information disclosure from internal systems, expose vulnerable internal services, or facilitate lateral movement within an organization's network. The risk of impact is significantly higher for organizations that do not adhere to best practices by exposing their PAN-OS management interfaces to untrusted networks or the internet.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately patch CVE-2026-0285 by upgrading all affected PAN-OS instances to the recommended fixed versions listed in the advisory, such as PAN-OS 12.1.8+, 11.2.13+, 11.1.16+, or 10.2.18-h8+.</li>
<li>Restrict management interface access to only trusted internal IP addresses, ensuring that external or untrusted networks cannot reach the PAN-OS management interface, as noted in the <code>Recommendation</code> section.</li>
<li>For customers with a Threat Prevention subscription, enable Threat ID 510030 by updating to Applications and Threats content version 9122-10145 or later and ensure SSL Decryption is enabled for inbound traffic to management services.</li>
<li>Review network configurations to confirm management interfaces are isolated and follow Palo Alto Networks' best practice deployment guidelines for securing administrative access.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>server-side-request-forgery</category><category>ssrf</category><category>vulnerability</category><category>pan-os</category><category>palo-alto-networks</category><category>network-device</category></item></channel></rss>