PT-2020-15218 · Palo Alto Networks · Pan-Os

Published

2020-05-13

Updated

2020-05-15

CVE-2020-1993

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions PAN-OS versions 7.1 through 8.0 PAN-OS versions 8.1 through 8.1.13 PAN-OS versions 9.0 through 9.0.7

Description The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID.

Recommendations For PAN-OS versions 7.1 through 8.0, update to a version later than 8.0. For PAN-OS versions 8.1 through 8.1.13, update to version 8.1.14 or later. For PAN-OS versions 9.0 through 9.0.7, update to version 9.0.8 or later.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2020-1993

Affected Products

Pan-Os

PT-2020-15218 · Palo Alto Networks · Pan-Os

CVE-2020-1993

Weakness Enumeration

Related Identifiers

Affected Products

References · 4