PT-2020-3030 · Palo Alto Networks · Pan-Os

Published

2020-03-11

Updated

2020-03-13

CVE-2020-1980

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 8.1.13

Description A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. The issue is related to the lack of input validation measures in the CLI component.

Recommendations For versions prior to 8.1.13, update to PAN-OS 8.1.13 or a later version to resolve the issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

BDU:2020-03285

CVE-2020-1980

Affected Products

Pan-Os

PT-2020-3030 · Palo Alto Networks · Pan-Os

CVE-2020-1980

Weakness Enumeration

Related Identifiers

Affected Products

References · 4