PT-2020-15222 · Palo Alto Networks · Pan-Os

Vijay Prakash · Published 2020-11-11 · Updated 2020-11-16 · CVE-2020-1999

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PAN-OS versions prior to 7.1.24
PAN-OS versions 7.1 through 8.0
PAN-OS versions 8.1 through 8.1.16
PAN-OS versions 9.0 through 9.0.10
PAN-OS versions 9.1 through 9.1.4

Description

A vulnerability exists in the Palo Alto Networks PAN-OS signature-based threat detection engine. By sending data through specifically crafted TCP packets, an attacker can communicate with devices in the network in a way that is not analyzed for threats. This technique evades signature-based threat detection. The issue does not let an attacker access resources blocked by firewall policies, and it has no impact on service availability. However, it could affect the accuracy of firewall threat prevention for some signatures.

Recommendations

For PAN-OS versions prior to 7.1.24, update to version 7.1.24 or later.
For PAN-OS versions 7.1 through 8.0, update to version 8.1 or later.
For PAN-OS versions 8.1 through 8.1.16, update to version 8.1.17 or later.
For PAN-OS versions 9.0 through 9.0.10, update to version 9.0.11 or later.
For PAN-OS versions 9.1 through 9.1.4, update to version 9.1.5 or later.

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2020-1999

Affected Products

Pan-Os