PT-2020-2251 · Palo Alto Networks · Pan-Os

Ben Nott · Published 2020-05-13 · Updated 2020-06-23 · CVE-2020-2018

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PAN-OS versions prior to 7.1.26
PAN-OS versions prior to 8.1.12
PAN-OS versions prior to 9.0.6
PAN-OS 8.0 (all versions)

Description

The issue is related to an authentication bypass vulnerability in the Panorama context switching feature, which can allow an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. The attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.

Recommendations

For PAN-OS versions prior to 7.1.26, update to version 7.1.26 or later.
For PAN-OS versions prior to 8.1.12, update to version 8.1.12 or later.
For PAN-OS versions prior to 9.0.6, update to version 9.0.6 or later.
For PAN-OS 8.0, consider upgrading to a newer version of PAN-OS that is not affected by this issue.

As a temporary workaround, consider configuring Panorama with custom certificates authentication for communication between Panorama and managed devices to prevent exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-02187
CVE-2020-2018

Affected Products

Pan-Os