
CVE-2020-1993 – PAN-OS: GlobalProtect Portal PHP session fixation vulnerability
https://notcve.org/view.php?id=CVE-2020-1993
13 May 2020 — The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8. • https://security.paloaltonetworks.com/CVE-2020-1993 • CWE-384: Session Fixation

CVE-2020-1990 – PAN-OS: Buffer overflow in the management server
https://notcve.org/view.php?id=CVE-2020-1990
08 Apr 2020 — A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1. • https://security.paloaltonetworks.com/CVE-2020-1990 • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVE-2020-1979 – PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation
https://notcve.org/view.php?id=CVE-2020-1979
11 Mar 2020 — A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. • https://security.paloaltonetworks.com/CVE-2020-1979 • CWE-134: Use of Externally-Controlled Format String

CVE-2020-1980 – PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands
https://notcve.org/view.php?id=CVE-2020-1980
11 Mar 2020 — A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. • https://security.paloaltonetworks.com/CVE-2020-1980 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-1981 – PAN-OS: Predictable temporary filename vulnerability allows local privilege escalation
https://notcve.org/view.php?id=CVE-2020-1981
11 Mar 2020 — A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. • https://security.paloaltonetworks.com/CVE-2020-1981 • CWE-377: Insecure Temporary File; CWE-668: Exposure of Resource to Wrong Sphere

CVE-2020-1975 – Missing XML Validation in PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2020-1975
12 Feb 2020 — Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. • https://security.paloaltonetworks.com/CVE-2020-1975 • CWE-112: Missing XML Validation; CWE-611: Improper Restriction of XML External Entity Reference

CVE-2019-17437 – PAN-OS: Custom-role users may escalate privileges
https://notcve.org/view.php?id=CVE-2019-17437
05 Dec 2019 — An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. • https://securityadvisories.paloaltonetworks.com/Home/Detail/159 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-287: Improper Authentication

CVE-2019-1582
https://notcve.org/view.php?id=CVE-2019-1582
23 Aug 2019 — Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. • https://security.paloaltonetworks.com/CVE-2019-1582 • CWE-787: Out-of-bounds Write

CVE-2019-1581 – PAN-OS: Remote code execution vulnerability in the PAN-OS SSH device management interface
https://notcve.org/view.php?id=CVE-2019-1581
23 Aug 2019 — A remote code execution vulnerability in the PAN-OS SSH device management interface can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. • https://security.paloaltonetworks.com/CVE-2019-1581 • CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1580
https://notcve.org/view.php?id=CVE-2019-1580
23 Aug 2019 — Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. • https://security.paloaltonetworks.com/CVE-2019-1580 • CWE-787: Out-of-bounds Write