PT-2020-3411 · Palo Alto Networks · Pan-Os

Published

2020-04-08

Updated

2020-04-10

CVE-2020-1992

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PAN-OS versions 9.0.0 through 9.0.6 PAN-OS versions 9.1.0 through 9.1.1

Description A format string vulnerability in the Varrcvr daemon of PAN-OS allows remote attackers to crash the daemon, creating a denial of service condition, or potentially execute code with root privileges. This issue requires WildFire services to be configured and enabled.

Recommendations For PAN-OS versions 9.0.0 through 9.0.6, update to version 9.0.7 or later to resolve the issue. For PAN-OS versions 9.1.0 through 9.1.1, update to version 9.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the WildFire services until a patch is available.

Fix

DoS

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

BDU:2020-03734

CVE-2020-1992

Affected Products

Pan-Os

PT-2020-3411 · Palo Alto Networks · Pan-Os

CVE-2020-1992

Weakness Enumeration

Related Identifiers

Affected Products

References · 5