PT-2020-3957 · Palo Alto Networks · Pan-Os
Yamata Li · Published 2020-09-09 · Updated 2020-09-15 · CVE-2020-2040
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
PAN-OS versions 8.0
PAN-OS 8.1 versions earlier than 8.1.15
PAN-OS 9.0 versions earlier than 9.0.9
PAN-OS 9.1 versions earlier than 9.1.3
Description:
A buffer overflow vulnerability in PAN-OS is caused by a lack of size checking for input data. An unauthenticated attacker can exploit this issue by sending a malicious request to the "Captive Portal" or "Multi-Factor Authentication" interface, disrupting system processes and potentially executing arbitrary code with root privileges.
Recommendations:
For PAN-OS version 8.0, update to a version later than 8.0.
For PAN-OS 8.1 versions earlier than 8.1.15, update to version 8.1.15 or later.
For PAN-OS 9.0 versions earlier than 9.0.9, update to version 9.0.9 or later.
For PAN-OS 9.1 versions earlier than 9.1.3, update to version 9.1.3 or later.
Fix
Buffer Overflow
Affected Products
Pan-Os