CVE-2020-1999
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 7.1.* | affected |
| Palo Alto Networks | PAN-OS | 8.0.* | affected |
| Palo Alto Networks | PAN-OS | 10.0.* | unaffected |
| Palo Alto Networks | PAN-OS | 8.1 < 8.1.17 | affected |
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.11 | affected |
| Palo Alto Networks | PAN-OS | 9.1 < 9.1.5 | affected |
Weaknesses
- CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
Workarounds
There are no known workarounds for this issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.