PT-2020-3477 · Palo Alto Networks · Pan-Os
Przemysław Kowalski
·
Published
2020-06-10
·
Updated
2020-06-16
·
CVE-2020-2029
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 8.0
PAN-OS versions 7.1 earlier than 7.1.26
PAN-OS versions 8.1 earlier than 8.1.13
Description
The issue is related to an OS Command Injection vulnerability in the PAN-OS web management interface. This vulnerability allows authenticated administrators to execute arbitrary OS commands with root privileges. The exploitation occurs by sending a malicious request to generate new certificates for use in the PAN-OS configuration.
Recommendations
For PAN-OS versions 8.0, update to a version later than 8.0 to resolve the issue.
For PAN-OS versions 7.1 earlier than 7.1.26, update to version 7.1.26 or later to resolve the issue.
For PAN-OS versions 8.1 earlier than 8.1.13, update to version 8.1.13 or later to resolve the issue.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os