What is the severity of CVE-2020-2011?

CVE-2020-2011 is rated as high severity due to its potential to allow remote unauthenticated users to crash the configuration service.

How do I fix CVE-2020-2011?

To fix CVE-2020-2011, you should upgrade your Palo Alto Networks PAN-OS to a version above 7.1.26, 8.0.20, or 8.1.14, and ensure you are on 9.1.0 or later.

Which versions of PAN-OS are affected by CVE-2020-2011?

CVE-2020-2011 affects Palo Alto Networks PAN-OS versions 7.1.0 to 7.1.26, 8.0.0 to 8.0.20, 8.1.0 to 8.1.14, and 9.0.0 to 9.1.0.

Is CVE-2020-2011 exploitable remotely?

Yes, CVE-2020-2011 is exploitable remotely by unauthenticated users through specially crafted registration requests.

What are the consequences of exploiting CVE-2020-2011?

Exploiting CVE-2020-2011 can cause the configuration service of PAN-OS Panorama to crash, resulting in potential denial-of-service impacts.

Vulnerability/
CVE-2020-2011

high

7.8

CWE

13/5/2020

16/9/2024

CVE-2020-2011: PAN-OS: Panorama registration denial of service

First published: Wed May 13 2020(Updated: )

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0.

Credit: psirt@paloaltonetworks.com

Affected Software	Affected Version	How to fix
Palo Alto Networks PAN-OS	>=7.1.0<=7.1.26
Palo Alto Networks PAN-OS	>=8.0.0<=8.0.20
Palo Alto Networks PAN-OS	>=8.1.0<8.1.14
Palo Alto Networks PAN-OS	>=9.0.0<9.1.0

Remedy

This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, and all later PAN-OS versions. PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies. PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.

Never miss a vulnerability like this again

Reference Links

https://security.paloaltonetworks.com/CVE-2020-2011

Frequently Asked Questions

What is the severity of CVE-2020-2011?
CVE-2020-2011 is rated as high severity due to its potential to allow remote unauthenticated users to crash the configuration service.
How do I fix CVE-2020-2011?
To fix CVE-2020-2011, you should upgrade your Palo Alto Networks PAN-OS to a version above 7.1.26, 8.0.20, or 8.1.14, and ensure you are on 9.1.0 or later.
Which versions of PAN-OS are affected by CVE-2020-2011?
CVE-2020-2011 affects Palo Alto Networks PAN-OS versions 7.1.0 to 7.1.26, 8.0.0 to 8.0.20, 8.1.0 to 8.1.14, and 9.0.0 to 9.1.0.
Is CVE-2020-2011 exploitable remotely?
Yes, CVE-2020-2011 is exploitable remotely by unauthenticated users through specially crafted registration requests.
What are the consequences of exploiting CVE-2020-2011?
Exploiting CVE-2020-2011 can cause the configuration service of PAN-OS Panorama to crash, resulting in potential denial-of-service impacts.

agent/type
agent/softwarecombine
agent/author
agent/remedy
agent/references
agent/weakness
agent/severity
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/paloaltonetworks
canonical/palo alto networks pan-os
version/palo alto networks pan-os/7.1.0
version/palo alto networks pan-os/7.1.26
version/palo alto networks pan-os/8.0.0
version/palo alto networks pan-os/8.0.20
version/palo alto networks pan-os/8.1.0
version/palo alto networks pan-os/9.0.0