CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Apr 2020 — A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1. • https://security.paloaltonetworks.com/CVE-2020-1990 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Apr 2020 — TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves.... • https://security.paloaltonetworks.com/CVE-2020-1978 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Feb 2020 — Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. • https://security.paloaltonetworks.com/CVE-2020-1975 • CWE-112: Missing XML Validation CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 Dec 2019 — Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other... • https://security.paloaltonetworks.com/CVE-2019-17440 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Dec 2019 — An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. • https://securityadvisories.paloaltonetworks.com/Home/Detail/159 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-287: Improper Authentication •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

23 Aug 2019 — Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. • https://security.paloaltonetworks.com/CVE-2019-1582 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Aug 2019 — A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. • https://security.paloaltonetworks.com/CVE-2019-1581 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Aug 2019 — Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. • https://security.paloaltonetworks.com/CVE-2019-1580 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

16 Jul 2019 — Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. • http://www.securityfocus.com/bid/109176 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jul 2019 — Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. • https://security.paloaltonetworks.com/CVE-2019-1576 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •