CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1977 – Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.
https://notcve.org/view.php?id=CVE-2020-1977
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. Una protección de Cross-Site Request Forgery (XSRF) insuficiente en Expedition Migration Tool, permite a atacantes remotos no autenticados secuestrar la autenticación de los administradores y ejecutar acciones en Expedition Migration Tool. Este problema afecta a Expedition Migration Tool versión 1.1.51 y anteriores. • https://security.paloaltonetworks.com/CVE-2020-1977 https://www.tenable.com/security/research/tra-2020-11 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1976 – GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
https://notcve.org/view.php?id=CVE-2020-1976
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. Una vulnerabilidad de denegación de servicio (DoS) en el software GlobalProtect de Palo Alto Networks ejecutándose en Mac OS permite a usuarios locales autenticados causar la suspensión o bloqueo del kernel de Mac OS. Este problema afecta a GlobalProtect versión 5.0.5 y anteriores de GlobalProtect versión 5.0 en Mac OS. • https://security.paloaltonetworks.com/CVE-2020-1976 • CWE-20: Improper Input Validation CWE-642: External Control of Critical State Data •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1975 – Missing XML Validation in PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2020-1975
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. Se presenta una vulnerabilidad de falta de comprobación XML en la interfaz web PAN-OS en el software Palo Alto Networks PAN-OS, permite a usuarios autenticados inyectar XML arbitrario que resulta en una escalada de privilegios. Este problema afecta a PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.12 y PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.6. • https://security.paloaltonetworks.com/CVE-2020-1975 • CWE-112: Missing XML Validation CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17440 – PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access
https://notcve.org/view.php?id=CVE-2019-17440
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. • https://security.paloaltonetworks.com/CVE-2019-17440 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17437 – PAN-OS: Custom-role users may escalate privileges
https://notcve.org/view.php?id=CVE-2019-17437
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. Una comprobación de autenticación inapropiada en PAN-OS de Palo Alto Networks puede permitir a un usuario de rol personalizado no superusuario poco privilegiado autenticado elevar los privilegios y convertirse en superusuario. Este problema afecta a PAN-OS versiones 7.1 anteriores a 7.1.25; versiones 8.0 anteriores a 8.0.20; versiones 8.1 anteriores a 8.1.11; versiones 9.0 anteriores a 9.0.5. • https://securityadvisories.paloaltonetworks.com/Home/Detail/159 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-287: Improper Authentication •