PT-2020-15265 · Palo Alto Networks · Pan-Os
Nicholas Newsom · Published 2020-09-09 · Updated 2020-09-15
CVE-2020-2041
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks PAN-OS versions 8.0 through 8.1.15
Description
The issue is caused by an insecure configuration of the appweb daemon, which allows a remote unauthenticated user to send a specially crafted request to the device and crash the appweb service. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.
Recommendations
For PAN-OS versions 8.0 through 8.1.15, update to version 8.1.16 or later to resolve the issue.
Fix
DoS
Affected Products
Pan-Os