CVE-2020-1980
published 2020-03-11CVE-2020-1980: A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.63%
45.5th percentile
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.13 | 8.1.13 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qqvw-2w25-wwh8: A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges
ghsa_unreviewed·2022-05-24
CVE-2020-1980 [HIGH] GHSA-qqvw-2w25-wwh8: A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.
Palo Alto
PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands
vendor_paloalto·2020-03-11·CVSS 7.8
CVE-2020-1980 [HIGH] CWE-77 PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands
PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.
This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.
This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.13, and all later versions.
Workaround: This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-03-11
Published