CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-2003 – PAN-OS: Authenticated administrator can delete arbitrary system file
https://notcve.org/view.php?id=CVE-2020-2003
13 May 2020 — An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. Un control externo de la vulnerabilidad de nombre de archivo en el procesamiento de comandos de PAN-OS permit... • https://security.paloaltonetworks.com/CVE-2020-2003 • CWE-73: External Control of File Name or Path •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2002 – PAN-OS: Spoofed Kerberos key distribution center authentication bypass
https://notcve.org/view.php?id=CVE-2020-2002
13 May 2020 — An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 ve... • https://security.paloaltonetworks.com/CVE-2020-2002 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2001 – PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
https://notcve.org/view.php?id=CVE-2020-2001
13 May 2020 — An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. Un control externo de la vulnerabilidad de ruta y datos en la ló... • https://security.paloaltonetworks.com/CVE-2020-2001 • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1998 – PAN-OS: Improper SAML SSO authorization of shared local users
https://notcve.org/view.php?id=CVE-2020-1998
13 May 2020 — An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions... • https://security.paloaltonetworks.com/CVE-2020-1998 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1997 – PAN-OS: GlobalProtect registration open redirect
https://notcve.org/view.php?id=CVE-2020-1997
13 May 2020 — An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. Una vulnerabilidad de redireccionamiento abierto en el componente GlobalProtect de Palo... • https://security.paloaltonetworks.com/CVE-2020-1997 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1996 – PAN-OS: Panorama management server log injection
https://notcve.org/view.php?id=CVE-2020-1996
13 May 2020 — A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. Una vulnerabilidad de falta de autorización en el componente management serv... • https://security.paloaltonetworks.com/CVE-2020-1996 • CWE-862: Missing Authorization •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1994 – PAN-OS: Predictable temporary file vulnerability
https://notcve.org/view.php?id=CVE-2020-1994
13 May 2020 — A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. Una vulnerabilidad de archivo temporal predecible en PAN-OS, permite a un usuario autenticado local con acceso de shell corromper archivos de sistema arbitrarios afectando la integridad del sistema... • https://security.paloaltonetworks.com/CVE-2020-1994 • CWE-377: Insecure Temporary File •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1993 – PAN-OS: GlobalProtect Portal PHP session fixation vulnerability
https://notcve.org/view.php?id=CVE-2020-1993
13 May 2020 — The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8. La funcionalidad GlobalProtect Portal en PAN-OS, no establece un nuevo identificador de sesión después de un inicio de sesión de usuario con éxito, que permite ataques de f... • https://security.paloaltonetworks.com/CVE-2020-1993 • CWE-384: Session Fixation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1979 – PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation
https://notcve.org/view.php?id=CVE-2020-1979
11 Mar 2020 — A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. Una vulnerabilidad de la cadena de formato en el demonio de registro ... • https://security.paloaltonetworks.com/CVE-2020-1979 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17437 – PAN-OS: Custom-role users may escalate privileges
https://notcve.org/view.php?id=CVE-2019-17437
05 Dec 2019 — An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. Una comprobación de autenticación inapropiada en PAN-OS de Palo Alto Networks puede permitir a un usuario ... • https://securityadvisories.paloaltonetworks.com/Home/Detail/159 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-287: Improper Authentication •