Multiple vulnerabilities in Palo Alto PAN-OS

Published: 2020-06-11

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2020-2027 CVE-2020-2029 CVE-2020-2028
CWE-ID	CWE-121 CWE-78
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Palo Alto PAN-OS Operating systems & Components / Operating system
Vendor	Palo Alto Networks, Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU28956

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2027

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote administrator to escalate privileges on the system.

The vulnerability exists due to a boundary within the authd component of the PAN-OS management server. A remote authenticated administrator can send specially crafted request to the authd service, trigger a stack-based buffer overflow and crash it or execute arbitrary code with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1.0 - 9.0.6

Fixed software versions

CPE2.3

cpe:2.3:o:palo_alto_networks:pan-os:9.0.6:*:*:*:*:*:*:*

External links

http://security.paloaltonetworks.com/CVE-2020-2027

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) OS Command Injection

EUVDB-ID: #VU28958

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2029

CWE-ID:

Exploit availability:

Description

The vulnerability allows a user to escalate privileges on the system.

The vulnerability exists due to improper input validation. A remote authenticated administrator can send a malicious request to generate new certificates for use in the PAN-OS configuration and execute arbitrary commands with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1 - 8.1.12

Fixed software versions

CPE2.3

cpe:2.3:o:palo_alto_networks:pan-os:8.0.21:*:*:*:*:*:*:*

External links

http://security.paloaltonetworks.com/CVE-2020-2029

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) OS Command Injection

EUVDB-ID: #VU28957

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2028

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote administrator to escalate privileges on the system.

The vulnerability exists due to improper input validation in PAN-OS management server when uploading a new certificate in FIPS-CC mode. A remote authenticated administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 7.1 - 9.0.6

Fixed software versions

CPE2.3

cpe:2.3:o:palo_alto_networks:pan-os:9.0.6:*:*:*:*:*:*:*

External links

http://security.paloaltonetworks.com/CVE-2020-2028

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?