CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2027 – PAN-OS: Buffer overflow in authd authentication response
https://notcve.org/view.php?id=CVE-2020-2027
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7. Una vulnerabilidad de desbordamiento del búfer en el componente authd del servidor de administración PAN-OS, permite a administradores autenticados interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios root. Este problema afecta: Todas las versiones de PAN-OS 7.1 y PAN-OS versión 8.0; PAN-OS versiones 8.1 anteriores a PAN-OS versión 8.1.13; PAN-OS versiones 9.0 anteriores a PAN-OS versión 9.0.7 • https://security.paloaltonetworks.com/CVE-2020-2027 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2018 – PAN-OS: Panorama authentication bypass vulnerability
https://notcve.org/view.php?id=CVE-2020-2018
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. Una vulnerabilidad de omisión de autentificación en la función de conmutación de contexto de Panorama permite a un atacante con acceso de red a la interfaz de gestión de Panorama obtener un acceso privilegiado a la gestión del Firewall. • https://security.paloaltonetworks.com/CVE-2020-2018 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2017 – PAN-OS: DOM-Based cross site scripting vulnerability in management web interface
https://notcve.org/view.php?id=CVE-2020-2017
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. Existe una vulnerabilidad de Cross Site Scripting basada en DOM en PAN-OS y las interfaces web de Panorama Management. Un atacante remoto capaz de convencer a un administrador autenticado para que haga clic en un enlace especialmente diseñado para PAN-OS y Panorama Web Interfaces podría ejecutar código JavaScript arbitrario en el navegador del administrador y realizar acciones administrativas. • https://security.paloaltonetworks.com/CVE-2020-2017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2016 – PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2020-2016
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. Una condición de carrera debido a la creación no segura de un archivo en una vulnerabilidad de directorio temporal en PAN-OS permite la escalada de privilegios raíz desde una cuenta de usuario de Linux limitada. Esto permite que un atacante que haya escapado del shell restringido como administrador de bajos privilegios, posiblemente explotando otra vulnerabilidad, escale privilegios para convertirse en usuario root. • https://security.paloaltonetworks.com/CVE-2020-2016 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-377: Insecure Temporary File •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-2015 – PAN-OS: Buffer overflow in the management server
https://notcve.org/view.php?id=CVE-2020-2015
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. Una vulnerabilidad de desbordamiento del búfer en el servidor de administración de PAN-OS permite a los usuarios autentificados bloquear los procesos del sistema o potencialmente ejecutar código arbitrario con privilegios root. Este problema afecta: PAN-OS versiones 7.1 anteriores a 7.1.26; PAN-OS versiones 8.1 anteriores a la 8.1.13; PAN-OS versiones 9.0 anteriores a 9.0.7; PAN-OS versiones 9.1 anteriores a la 9.1.1; todas las versiones de PAN-OS 8.0. • https://security.paloaltonetworks.com/CVE-2020-2015 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •