PT-2020-3036 · Palo Alto Networks · PAN-OS, VM Series
Ranjeet Ramalingam · Published 2020-04-05 · Updated 2020-04-10
CVE-2020-1978
CVSS v2.0: 6.3 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks VM Series firewalls versions prior to 1.0.9 for PAN-OS 9.0
Description
TechSupport files generated on Palo Alto Networks VM Series firewalls for the Microsoft Azure platform, when configured with high availability (HA), collect the Azure dashboard service account credentials. These credentials are equivalent to those associated with the Contributor role in Azure, which allows a user to manage all the Azure resources in the subscription except for granting access to other resources. The credentials do not allow login access to the VMs themselves. Palo Alto Networks has safely deleted all the tech support files containing the credentials and now filters and removes these credentials from all TechSupport files sent to them.
Recommendations
For versions prior to 1.0.9 for PAN-OS 9.0, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the TechSupport files to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Related Identifiers
Affected Products
PAN-OS
VM Series