Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.
The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .
Panorama is not impacted by this vulnerability.
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 5.2
You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet.
| Exploitability Metrics |
Vulnerable System Impact Metrics |
Subsequent System Impact Metrics |
| Attack Vector |
Adjacent |
Confidentiality |
High |
Confidentiality |
Low |
| Attack Complexity |
Low |
Integrity |
High |
Integrity |
Low |
| Attack Requirements |
Present |
Availability |
High |
Availability |
Low |
| Privileges Required |
None |
| User Interaction |
None |
You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet.
CVSS 4.0
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 4.8
The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted.
| Exploitability Metrics |
Vulnerable System Impact Metrics |
Subsequent System Impact Metrics |
| Attack Vector |
Adjacent |
Confidentiality |
High |
Confidentiality |
Low |
| Attack Complexity |
Low |
Integrity |
High |
Integrity |
Low |
| Attack Requirements |
Present |
Availability |
High |
Availability |
Low |
| Privileges Required |
Low |
| User Interaction |
None |
The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted.
CVSS 4.0
Palo Alto Networks is not aware of any malicious exploitation of these issues.