CVE-2020-2040

Summary

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS8.0.*affected
Palo Alto NetworksPAN-OS9.0 < 9.0.9affected
Palo Alto NetworksPAN-OS9.1 < 9.1.3affected
Palo Alto NetworksPAN-OS8.1 < 8.1.15affected
Palo Alto NetworksPAN-OS10.0.0 < 10.0*unaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

Workarounds

Until PAN-OS software is upgraded to a fixed version, enabling signatures in content update version 8317 will block attacks against CVE-2020-2040.

ADP Enrichment

CVE Program Container

Additional References

References