PT-2020-15259 · Palo Alto Networks · Pan-Os

Yamata Li · Published 2020-07-08 · Updated 2025-10-10 · CVE-2020-2034

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PAN-OS versions prior to 9.1.3
PAN-OS versions prior to 8.1.15
PAN-OS versions prior to 9.0.9
PAN-OS 8.0 (all versions)
PAN-OS 7.1 (all versions)

Description

An OS Command Injection issue in the GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. The attacker requires some knowledge of the firewall or may perform brute-force attacks to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled. Palo Alto Networks is not aware of any malicious attempts to exploit this issue.

Recommendations

For PAN-OS 9.1 versions earlier than 9.1.3, update to version 9.1.3 or later.
For PAN-OS 8.1 versions earlier than 8.1.15, update to version 8.1.15 or later.
For PAN-OS 9.0 versions earlier than 9.0.9, update to version 9.0.9 or later.
For PAN-OS 8.0 and PAN-OS 7.1, consider upgrading to a newer version of PAN-OS that is not vulnerable to this issue.

As a temporary workaround, consider disabling the GlobalProtect portal feature until a patch is available.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-2034

Affected Products

Pan-Os