Main Vulnerability Database Vulnerabilities #VU26734

#VU26734 Credentials management in VM-Series Virtual Firewalls - CVE-2020-1978

Published: April 9, 2020

Vulnerability identifier: #VU26734

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1978

CWE-ID: CWE-255

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
VM-Series Virtual Firewalls

Software vendor:
Palo Alto Networks, Inc.

Description

The vulnerability allows a local user to obtain account credentials.

The vulnerability exists due to the TechSupport files generated on VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. A local administrator can manage all the Azure resources in the subscription except for granting access to other resources.

Note: These credentials do not allow login access to the VMs themselves.

Remediation

Install updates from vendor's website.

External links

https://security.paloaltonetworks.com/CVE-2020-1978

#VU26734 Credentials management in VM-Series Virtual Firewalls - CVE-2020-1978

Description

Remediation

External links

Please verify you're human