First published: Wed Jul 08 2020
An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Pan-os | >=7.1.0 <=7.1.26 | |
Paloaltonetworks Pan-os | >=8.0.0 <=8.0.20 | |
Paloaltonetworks Pan-os | >=8.1.0 <8.1.15 | |

This issue is fixed in PAN-OS 8.1.15 and all later PAN-OS versions.
PAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies.
CVE-2020-2030 is an OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
CVE-2020-2030 has a severity rating of 7.2 (critical).
CVE-2020-2030 impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 7.1 and PAN-OS 8.0.
To fix CVE-2020-2030, update PAN-OS to version 8.1.15 for PAN-OS 8.1, version 7.1.26 for PAN-OS 7.1, and version 8.0.20 for PAN-OS 8.0.
More information about CVE-2020-2030 can be found at the following reference: https://security.paloaltonetworks.com/CVE-2020-2030