Multiple vulnerabilities in Palo Alto Networks PAN-OS



Published: 2020-05-14 | Updated: 2023-12-19
Risk High
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2020-1993
CVE-2020-1994
CVE-2020-1995
CVE-2020-1996
CVE-2020-1997
CVE-2020-1998
CVE-2020-2001
CVE-2020-2002
CVE-2020-2003
CVE-2020-2005
CVE-2020-2006
CVE-2020-2007
CVE-2020-2008
CVE-2020-2009
CVE-2020-2010
CVE-2020-2012
CVE-2020-2013
CVE-2020-2014
CVE-2020-2015
CVE-2020-2017
CVE-2020-2018
CVE-2017-7529
CWE-ID CWE-384
CWE-264
CWE-476
CWE-285
CWE-601
CWE-434
CWE-287
CWE-284
CWE-79
CWE-119
CWE-78
CWE-611
CWE-319
CWE-190
Exploitation vector Network
Public exploit Public exploit code for vulnerability #22 is available.
Vulnerable software
Subscribe
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor Palo Alto Networks, Inc.

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Session Fixation

EUVDB-ID: #VU27903

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1993

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to insecure session management mechanism within the GlobalProtect Portal feature in PAN-OS. A remote non-authenticated attacker can with ability to control victim's session identifier can hijack victim's session.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.7

External links

http://security.paloaltonetworks.com/CVE-2020-1993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU27902

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1994

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to corrupt arbitrary files on the system.

The vulnerability exists due to application uses predictable filenames for temporary files. A local user with shell access to the system can corrupt arbitrary files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 8.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU27901

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1995

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the rasmgr daemon. A remote authenticated administrator can send a specially crafted request to the system, trigger NULL pointer dereference error and cause denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 9.1.0 - 9.1.1

External links

http://security.paloaltonetworks.com/CVE-2020-1995


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Authorization

EUVDB-ID: #VU27900

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1996

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization and manipulate log files.

The vulnerability exists in the management server component of PAN-OS Panorama. A remote non-authenticated attacker can send a specially crafted request to the system and inject messages into the management server ms.log file.

Successful exploitation of the vulnerability may allow an attacker to obfuscate log files and hide malicious presence on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.8

External links

http://security.paloaltonetworks.com/CVE-2020-1996


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Open redirect

EUVDB-ID: #VU27899

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1997

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data after successful authentication in the GlobalProtect component of Palo Alto Networks PAN-OS. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 8.0.13

External links

http://security.paloaltonetworks.com/CVE-2020-1997


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Authorization

EUVDB-ID: #VU27898

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1998

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to gain elevated privileges on the system.

The vulnerability exists within SAML SSO in PAN-OS that mistakenly uses the permissions of local Linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. A remote user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.1.0

External links

http://security.paloaltonetworks.com/CVE-2020-1998


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Arbitrary file upload

EUVDB-ID: #VU27897

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2001

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the Palo Alto Networks PAN-OS Panorama XSLT processing logic. A remote non-authenticated attacker can upload a malicious file and execute it on the system with administrator privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.5-h3

External links

http://security.paloaltonetworks.com/CVE-2020-2001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Authentication

EUVDB-ID: #VU27896

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2002

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.5-h3

External links

http://security.paloaltonetworks.com/CVE-2020-2002


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU27895

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2003

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to application allows a remote user to manipulate filename during file deletion and does not check if the user has appropriate permissions to delete files. A remote user can send specially crafted request to the system and delete arbitrary files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.1.0

External links

http://security.paloaltonetworks.com/CVE-2020-2003


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Cross-site scripting

EUVDB-ID: #VU27894

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2005

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Palo Alto Networks GlobalProtect Clientless VPN. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to hijack victim's VPN session.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2005


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU27893

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2006

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in management server payload parser. A remote user can trigger memory corruption and execute arbitrary code on the target system with root privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 8.1.13

External links

http://security.paloaltonetworks.com/CVE-2020-2006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) OS Command Injection

EUVDB-ID: #VU27892

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2007

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the management server component of PAN-OS. A remote authenticated user can pass specially crafted data to the application and execute arbitrary OS commands on the target system with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2007


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) OS Command Injection

EUVDB-ID: #VU27891

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2008

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote administrator to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in Palo Alto Networks PAN-OS. A remote authenticated administrator can pass specially crafted data to the application and delete arbitrary files or execute arbitrary OS commands on the target system with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 8.1.13

External links

http://security.paloaltonetworks.com/CVE-2020-2008


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Arbitrary file upload

EUVDB-ID: #VU27890

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2009

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the SD WAN component of Palo Alto Networks PAN-OS Panorama. A remote authenticated user can upload a malicious file and execute it on the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2009


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) OS Command Injection

EUVDB-ID: #VU27889

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2010

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote administrator to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in PAN-OS management interface. A remote authenticated administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2010


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) XML External Entity injection

EUVDB-ID: #VU27888

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2012

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input in Palo Alto Networks Panorama management service. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Cleartext transmission of sensitive information

EUVDB-ID: #VU27887

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2013

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in Palo Alto Networks PAN-OS Panoramathat discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.1.0

External links

http://security.paloaltonetworks.com/CVE-2020-2013


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) OS Command Injection

EUVDB-ID: #VU27886

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2014

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in PAN-OS management server. A remote authenticated user can pass specially crafted data to the application and execute arbitrary OS commands on the target system with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

External links

http://security.paloaltonetworks.com/CVE-2020-2014


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU27885

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the PAN-OS management server. A remote authenticated user can send a specially crafted request to the system, trigger memory corruption and execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.1.0

External links

http://security.paloaltonetworks.com/CVE-2020-2015


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) DOM-based cross-site scripting

EUVDB-ID: #VU27884

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2017

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.5-h3

External links

http://security.paloaltonetworks.com/CVE-2020-2017


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper Authentication

EUVDB-ID: #VU27883

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2018

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insecure registration mechanism in Palo Alto Networks PAN-OS Panorama proxy service. A remote attacker with network access to the Panorama and the knowledge of the Firewall’s serial number can register the PAN-OS firewall and gain full access to the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.5-h3

External links

http://security.paloaltonetworks.com/CVE-2020-2018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Integer overflow

EUVDB-ID: #VU7410

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7529

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to integer overflow when processing specially crafted requests. A remote attacker can send a malicious request to vulnerable server and gain access to potentially sensitive information.
 
When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.5-h3

External links

http://security.paloaltonetworks.com/CVE-2017-7529


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###