CVE-2020-2000

Summary

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS8.1 < 8.1.16affected
Palo Alto NetworksPAN-OS9.0 < 9.0.10affected
Palo Alto NetworksPAN-OS9.1 < 9.1.4affected
Palo Alto NetworksPAN-OS10.0 < 10.0.1affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-78: CWE-78 OS Command Injection
  • CWE-121: CWE-121 Stack-based Buffer Overflow

Workarounds

This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.

ADP Enrichment

CVE Program Container

Additional References

References