PT-2020-3478 · Palo Alto Networks · Pan-Os

Nicholas Newsom · Published 2020-06-10 · Updated 2020-06-16 · CVE-2020-2028

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

PAN-OS versions 7.1 through 8.0
PAN-OS versions 8.1 through 8.1.12
PAN-OS versions 9.0 through 9.0.6
Description

The issue exists due to the lack of neutralization of special elements used in an operating system command. This allows an attacker to execute arbitrary operating system commands with root privileges when uploading a new certificate in FIPS-CC mode. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations

For PAN-OS versions 7.1 through 8.0, update to a version later than 8.0.
For PAN-OS versions 8.1 through 8.1.12, update to PAN-OS 8.1.13 or later.
For PAN-OS versions 9.0 through 9.0.6, update to PAN-OS 9.0.7 or later.
As a temporary workaround, consider restricting access to the certificate upload feature in FIPS-CC mode until a patch is available.
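The weakness class behind this advisory is OS command injection: user-controlled input (here, data supplied during a certificate upload) reaches an operating system command without neutralization of shell metacharacters. The following is an added illustration of that class and of the usual fix, written for this page; it is not PAN-OS code and says nothing about how the product actually builds its commands. The handler, the `/tmp/upload` path, the `openssl` invocation and the file names are all constructed assumptions.

```python
"""
Illustration of CWE-78 (OS command injection) in a hypothetical certificate
upload handler, with the hardened form beside it. Nothing here is PAN-OS code;
the command, paths and names are constructed for the example.
"""
import re
import subprocess

# Strict allow-list for an uploaded certificate's file name: must start with an
# alphanumeric character and may then contain only [A-Za-z0-9._-], max 64 chars.
# This rejects shell metacharacters and also path separators / leading dots.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")

# Characters a POSIX shell would interpret if the name were embedded in a
# command string. Used only to explain why the vulnerable builder is unsafe.
SHELL_METACHARS = set(";|&$`\"'\\<>()*?[]{}~\n")


def vulnerable_command(cert_name: str) -> str:
    """Vulnerable pattern (assumed, not the product's code): the uploaded name
    is concatenated into a single string that is later handed to a shell, so
    any metacharacter in the name changes the command that runs."""
    return f"openssl x509 -in /tmp/upload/{cert_name} -noout -subject"


def contains_shell_metachars(value: str) -> bool:
    """True if the value carries characters a shell would interpret."""
    return any(ch in SHELL_METACHARS for ch in value)


def validate_cert_name(cert_name: str) -> str:
    """Allow-list validation; raises ValueError on anything outside the pattern."""
    if not SAFE_NAME.fullmatch(cert_name):
        raise ValueError(f"rejected certificate name: {cert_name!r}")
    return cert_name


def hardened_argv(cert_name: str) -> list:
    """Hardened pattern: validate the name, then build an argv list. Passing a
    list to subprocess.run without shell=True means no shell parses the
    arguments, so the name is always exactly one argument."""
    name = validate_cert_name(cert_name)
    return ["openssl", "x509", "-in", f"/tmp/upload/{name}", "-noout", "-subject"]


def inspect_certificate(cert_name: str, runner=subprocess.run):
    """Runs the hardened command. `runner` is injectable so the behaviour can
    be exercised without openssl installed."""
    argv = hardened_argv(cert_name)
    return runner(argv, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed inputs: a benign name and one carrying an injected command.
    for name in ("cert.pem", "cert.pem; echo injected", "../../etc/passwd"):
        print("vulnerable string :", vulnerable_command(name),
              "(metachars!)" if contains_shell_metachars(name) else "")
        try:
            print("hardened argv     :", hardened_argv(name))
        except ValueError as exc:
            print("hardened argv     : REJECTED ->", exc)
```

The point of the pairing is not the regular expression itself but the two layers: an allow-list on the input, and an argv-style invocation so that even a value that slips past validation is never interpreted by a shell. A detection-side reviewer looking at code of this shape should treat any string concatenation into a command that runs as root as a finding, whichever validation sits in front of it.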

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2020-03802
CVE-2020-2028

Affected Products

Pan-Os