CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2042 – PAN-OS: Buffer overflow in the management web interface
https://notcve.org/view.php?id=CVE-2020-2042
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Una vulnerabilidad de desbordamiento de búfer en la interfaz web de administración de PAN-OS permite a los administradores autenticados interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios root. Este problema impacta solo a las Versiones PAN-OS 10.0 anteriores a PAN-OS 10.0.1. • https://security.paloaltonetworks.com/CVE-2020-2042 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2041 – PAN-OS: Management web interface denial-of-service (DoS)
https://notcve.org/view.php?id=CVE-2020-2041
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16. Una configuración no segura del demonio appweb de Palo Alto Networks PAN-OS versión 8.1, permite a un usuario remoto no autenticado enviar una petición específicamente diseñada al dispositivo que causa que el servicio appweb se bloquee. Los intentos repetidos de enviar esta petición resultan en la denegación de servicio para todos los servicios de PAN-OS al reiniciar el dispositivo y ponerlo en modo de mantenimiento. • https://security.paloaltonetworks.com/CVE-2020-2041 • CWE-16: Configuration •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2040 – PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
https://notcve.org/view.php?id=CVE-2020-2040
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. Una vulnerabilidad de desbordamiento de búfer en PAN-OS permite a un atacante no autenticado interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios root al enviar una petición maliciosa al portal cautivo o la interfaz de autenticación multifactor. Este problema impacta a: todas las Versiones PAN-OS 8.0; Versiones PAN-OS 8.1 anteriores a PAN-OS 8.1.15; Versiones PAN-OS 9.0 anteriores a PAN-OS 9.0.9; Versiones PAN-OS 9.1 anteriores a PAN-OS 9.1.3. • https://security.paloaltonetworks.com/CVE-2020-2040 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2039 – PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload
https://notcve.org/view.php?id=CVE-2020-2039
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Una vulnerabilidad de consumo de recursos no controlado en Palo Alto Networks PAN-OS permite a un usuario remoto no autenticado cargar archivos temporales por medio de la interfaz web de administración que no son eliminados apropiadamente una vez finalizada la petición. Es posible que un atacante interrumpa la disponibilidad de la interfaz web de administración cargando archivos de forma repetida hasta que se agote el espacio disponible en disco. • https://security.paloaltonetworks.com/CVE-2020-2039 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 90%CPEs: 3EXPL: 4CVE-2020-2038 – PAN-OS: OS command injection vulnerability in the management web interface
https://notcve.org/view.php?id=CVE-2020-2038
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1. Una vulnerabilidad de Inyección de Comandos del Sistema Operativo en la interfaz de administración de PAN-OS que permite a los administradores autenticados ejecutar comandos de Sistema Operativo arbitrarios con privilegios root. Este problema impacta a: Versiones PAN-OS 9.0 anteriores a 9.0.10; Versiones PAN-OS 9.1 anteriores a 9.1.4; Versiones PAN-OS 10.0 anteriores a 10.0.1. PAN-OS version 10.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/51005 https://github.com/und3sc0n0c1d0/CVE-2020-2038 http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html https://security.paloaltonetworks.com/CVE-2020-2038 https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •