PT-2020-15246 · Palo Alto Networks · Palo Alto Networks Panorama
Ben Nott
·
Published
2020-11-11
·
Updated
2023-08-10
·
CVE-2020-2022
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Panorama versions PAN-OS 8.1 through PAN-OS 8.1.16
Palo Alto Networks Panorama versions PAN-OS 9.0 through PAN-OS 9.0.10
Palo Alto Networks Panorama versions PAN-OS 9.1 through PAN-OS 9.1.4
Description
An information exposure issue exists in the Palo Alto Networks Panorama software: when a Panorama web interface administrator performs a context switch to a managed device, the administrator's Panorama session token is disclosed to that managed device. An attacker able to obtain the token from the managed device can reuse it to gain privileged access to the Panorama web interface. Exploitation requires the administrator to perform the context switch (hence UI:R in the CVSS vector) and some knowledge of the managed firewalls; the issue is in Panorama itself, not in the managed firewalls.
Recommendations
For versions PAN-OS 8.1 through PAN-OS 8.1.16, update to PAN-OS 8.1.17 or later.
For versions PAN-OS 9.0 through PAN-OS 9.0.10, update to PAN-OS 9.0.11 or later.
For versions PAN-OS 9.1 through PAN-OS 9.1.4, update to PAN-OS 9.1.5 or later.
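The affected ranges above are easy to misjudge by hand because PAN-OS builds carry hotfix suffixes (for example 8.1.16-h2 is still older than the fixed 8.1.17). The following is an added example, not code from the advisory or from Palo Alto Networks, that encodes the advisory's ranges and triages a Panorama inventory against them. The inventory entries and hostnames are constructed sample data, and the version-string grammar (optional "PAN-OS " prefix, optional "-hN" hotfix suffix) is an assumption about how versions are recorded in your inventory; inputs are assumed to be Panorama versions, since the CVE does not apply to firewalls on the same PAN-OS releases.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Affected ranges for CVE-2020-2022, taken from the advisory above: each
# maintenance train maps to the first release that carries the fix. A build
# is affected when it is on a listed train and older than that release.
FIXED_IN = {
    (8, 1): (8, 1, 17),
    (9, 0): (9, 0, 11),
    (9, 1): (9, 1, 5),
}

# Assumed version grammar: optional "PAN-OS " prefix, major.minor[.patch][-hN].
_VERSION_RE = re.compile(
    r"^(?:PAN-OS\s+)?(\d+)\.(\d+)(?:\.(\d+))?(?:-h(\d+))?$", re.IGNORECASE
)


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """Parse a PAN-OS version string into (major, minor, patch, hotfix).

    A missing patch level is treated as .0 (the train's first release) and a
    missing hotfix as h0, so plain tuple comparison orders builds correctly
    and a hotfix of a vulnerable release still sorts below the fixed release.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch or 0), int(hotfix or 0)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the release that fixes CVE-2020-2022 for this Panorama build,
    or None if the build is not affected according to the advisory."""
    major, minor, patch, hotfix = parse_panos_version(version)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        # Train not listed in the advisory (e.g. 10.0): not affected by this CVE.
        return None
    if (major, minor, patch, hotfix) >= fixed + (0,):
        return None  # already at or beyond the fixed release
    return "PAN-OS " + ".".join(map(str, fixed))


def is_vulnerable(version: str) -> bool:
    return fixed_version_for(version) is not None


def triage_inventory(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (hostname, version, fix) for every affected Panorama in inventory."""
    findings = []
    for host, version in inventory:
        fix = fixed_version_for(version)
        if fix:
            findings.append((host, version, fix))
    return findings


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("panorama-01", "PAN-OS 9.0.10"),  # last vulnerable 9.0 release
    ("panorama-02", "9.1.5"),          # first fixed 9.1 release
    ("panorama-03", "8.1.16-h2"),      # hotfix of a vulnerable release
    ("panorama-04", "10.0.2"),         # train not covered by this advisory
]

if __name__ == "__main__":
    for host, version, fix in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {version} affected by CVE-2020-2022, update to {fix} or later")
```

Running the block reports panorama-01 and panorama-03 as affected and is silent about the other two. Unknown trains are reported as not affected only in the sense that this advisory does not list them; a build on an unsupported train still needs checking against the vendor's own release notes.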
Fix
Improper Privilege Management
Information Disclosure
Related Identifiers
Affected Products
Palo Alto Networks Panorama