
CVE-2020-2014 – PAN-OS: OS injection vulnerability in PAN-OS management server
https://notcve.org/view.php?id=CVE-2020-2014
13 May 2020 — An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. • https://security.paloaltonetworks.com/CVE-2020-2014 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-2013 – PAN-OS: Panorama context switch session cookie disclosure
https://notcve.org/view.php?id=CVE-2020-2013
13 May 2020 — A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account a... • https://security.paloaltonetworks.com/CVE-2020-2013 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2020-2012 – PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak
https://notcve.org/view.php?id=CVE-2020-2012
13 May 2020 — Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. • https://security.paloaltonetworks.com/CVE-2020-2012 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2020-2011 – PAN-OS: Panorama registration denial of service
https://notcve.org/view.php?id=CVE-2020-2011
13 May 2020 — An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlie... • https://security.paloaltonetworks.com/CVE-2020-2011 • CWE-20: Improper Input Validation •

CVE-2020-2010 – PAN-OS: Authenticated user command injection vulnerability
https://notcve.org/view.php?id=CVE-2020-2010
13 May 2020 — An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. • https://security.paloaltonetworks.com/CVE-2020-2010 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-2009 – PAN-OS: Panorama SD WAN arbitrary file creation
https://notcve.org/view.php?id=CVE-2020-2009
13 May 2020 — An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. • https://security.paloaltonetworks.com/CVE-2020-2009 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2020-2008 – PAN-OS: OS command injection or arbitrary file deletion vulnerability
https://notcve.org/view.php?id=CVE-2020-2008
13 May 2020 — An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. • https://security.paloaltonetworks.com/CVE-2020-2008 • CWE-73: External Control of File Name or Path • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-2007 – PAN-OS: OS command injection in management server
https://notcve.org/view.php?id=CVE-2020-2007
13 May 2020 — An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. • https://security.paloaltonetworks.com/CVE-2020-2007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-2006 – PAN-OS: Buffer overflow in management server payload parser
https://notcve.org/view.php?id=CVE-2020-2006
13 May 2020 — A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. • https://security.paloaltonetworks.com/CVE-2020-2006 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2020-2005 – PAN-OS: GlobalProtect Clientless VPN session hijacking
https://notcve.org/view.php?id=CVE-2020-2005
13 May 2020 — A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. • https://security.paloaltonetworks.com/CVE-2020-2005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •