CVE-2020-1995 — NULL Pointer Dereference in Palo Alto Networks Pan-os

CWE-476 — NULL Pointer Dereference CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 44.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedMay 13

Latest updateMay 24

Description

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDpaloaltonetworks/pan-os9.1.0 — 9.1.2

▶CVEListV5palo_alto_networks/pan-os9.1 — 9.1.2

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-5cgw-69cq-5ggq: A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr d↗2022-05-24

▶

CVEList

PAN-OS: Management server rasmgr denial of service↗2020-05-13

▶

📋Vendor Advisories

Red Hat

libsolv: heap-overflows in resolve_dependencies function↗2022-02-21

▶

Palo Alto

PAN-OS: Management server rasmgr denial of service↗2020-05-13

▶