First published: Wed Nov 11 2020(Updated: )
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Pan-os | >=8.1.0<8.1.16 | |
Paloaltonetworks Pan-os | >=9.0.0<9.0.10 | |
Paloaltonetworks Pan-os | >=9.1.0<9.1.4 | |
Paloaltonetworks Pan-os | >=10.0.0<10.0.1 |
This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-2000 is an OS command injection and memory corruption vulnerability in the PAN-OS management web interface.
PAN-OS 8.1 versions earlier than 8.1.16, PAN-OS 9.0 versions earlier than 9.0.10, PAN-OS 9.1 versions earlier than 9.1.4, and PAN-OS 10.0 versions earlier than 10.0.1 are affected.
CVE-2020-2000 has a severity rating of 7.2 (critical).
Apply the necessary security patches provided by Palo Alto Networks to upgrade PAN-OS to versions 8.1.16, 9.0.10, 9.1.4, or 10.0.1.
You can find more information about CVE-2020-2000 on the Palo Alto Networks security advisory page: [https://security.paloaltonetworks.com/CVE-2020-2000](https://security.paloaltonetworks.com/CVE-2020-2000)