PT-2020-3033 · Palo Alto Networks · Pan-Os

Published

2020-03-11

Updated

2020-03-13

CVE-2020-1981

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 8.1.13

Description A predictable temporary filename issue in PAN-OS allows a local attacker to bypass the restricted shell, execute commands as a low-privileged user, and gain root access on the PAN-OS hardware or virtual appliance. This issue can be exploited by a local attacker to elevate their privileges to the root level.

Recommendations For PAN-OS versions prior to 8.1.13, update to version 8.1.13 or later to resolve the issue.

Fix

LPE

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-377

Related Identifiers

BDU:2020-03289

CVE-2020-1981

Affected Products

Pan-Os

PT-2020-3033 · Palo Alto Networks · Pan-Os

CVE-2020-1981

Weakness Enumeration

Related Identifiers

Affected Products

References · 4