CVE-2020-1979Use of Externally-Controlled Format String in Palo Alto Networks Pan-os

CWE-134Use of Externally-Controlled Format String4 documents4 sources
Severity
7.8HIGHNVD
CNA8.1
EPSS
0.2%
top 53.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedMar 11
Latest updateMay 24

Description

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5palo_alto_networks/pan-os8.18.1.13
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-x3hm-crq5-m74w: A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the r2022-05-24
CVEList
PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation2020-03-11

📋Vendor Advisories

1
Palo Alto
PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation2020-03-11
CVE-2020-1979 — Palo Alto Networks Pan-os vulnerability | cvebase