CVE-2020-1978 – VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs
https://notcve.org/view.php?id=CVE-2020-1978
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. • https://security.paloaltonetworks.com/CVE-2020-1978 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •