CVE-2020-1981
Published 2020-03-11
Priority P339 · high · CVSS 3.1: 7.8
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (28.1th percentile)
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.13 | 8.1.13 |
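CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |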
Palo Alto
PAN-OS: Predictable temporary filename vulnerability allows local privilege escalation
vendor_paloalto·2020-03-11·CVSS 7.8
CVE-2020-1981 [HIGH] CWE-377 PAN-OS: Predictable temporary filename vulnerability allows local privilege escalation
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.
Workaround: This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guid
GHSA
GHSA-7m66-gpgj-f3cr: A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation
ghsa_unreviewed·2022-05-24
CVE-2020-1981 [HIGH] GHSA-7m66-gpgj-f3cr: A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6461 chromium-browser: Use after free in storage
bugzilla·2020-04-28·CVSS 9.6
CVE-2020-6461 [CRITICAL] CVE-2020-6461 chromium-browser: Use after free in storage
A use after free flaw was found in the storage component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1072983
External References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1828864]
Affects: fedora-all [bug 1828863]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:1981 https://access.redhat.com/errata/RHSA-2020:1981
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-6461
Bugzilla
CVE-2020-6462 chromium-browser: Use after free in task scheduling
bugzilla·2020-04-28·CVSS 9.6
CVE-2020-6462 [CRITICAL] CVE-2020-6462 chromium-browser: Use after free in task scheduling
A use after free flaw was found in the task scheduling component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1064891
External References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1828864]
Affects: fedora-all [bug 1828863]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:1981 https://access.redhat.com/errata/RHSA-2020:1981
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve