CVE-2020-2012
PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.
Una vulnerabilidad de restricción inapropiada de una referencia de XML external entity ('XXE') en el servicio de administración de Palo Alto Networks Panorama, permite a atacantes no autenticados remotos con acceso de red a la interfaz de administración de Panorama leer archivos arbitrarios en el sistema. Este problema afecta: Todas las versiones de PAN-OS para Panorama 7.1 y 8.0; PAN-OS para Panorama versiones 8.1 anteriores a 8.1.13; PAN-OS para Panorama versiones 9.0 anteriores a 9.0.7.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-04 CVE Reserved
- 2020-05-13 CVE Published
- 2024-06-22 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.paloaltonetworks.com/CVE-2020-2012 | 2020-05-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 7.1.0 <= 7.1.26 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 7.1.0 <= 7.1.26" | - |
Affected
| ||||||
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.0.0 <= 8.0.20 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.0.0 <= 8.0.20" | - |
Affected
| ||||||
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.13 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.13" | - |
Affected
| ||||||
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.7 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.7" | - |
Affected
|