Credentials management in VM-Series Virtual Firewalls - CVE-2020-1978

 

Credentials management in VM-Series Virtual Firewalls - CVE-2020-1978

Published: April 9, 2020


Vulnerability identifier: #VU26734
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1978
CWE-ID: CWE-255
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
VM-Series Virtual Firewalls

Detailed vulnerability description

The vulnerability allows a local user to obtain account credentials. 

The vulnerability exists due to the TechSupport files generated on VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. A local administrator can manage all the Azure resources in the subscription except for granting access to other resources. 

Note: These credentials do not allow login access to the VMs themselves. 


How to mitigate CVE-2020-1978

Install updates from vendor's website.

Sources