CVE-2020-1996
published 2020-05-13CVE-2020-1996: A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the…
PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.91%
55.3th percentile
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.14 | 8.1.14 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.9 | 9.0.9 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.13 | — |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.8 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Panorama management server log injection
vendor_paloalto·2020-05-13·CVSS 5.3
CVE-2020-1996 [MEDIUM] CWE-862 PAN-OS: Panorama management server log injection
PAN-OS: Panorama management server log injection
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.9 (pending release), and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.
Workaround: Attacks against this issue can be blocked with
GHSA
GHSA-grq6-472c-73fx: A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages in
ghsa_unreviewed·2022-05-24
CVE-2020-1996 [MEDIUM] GHSA-grq6-472c-73fx: A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages in
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.
Kernel
vgacon: Fix a UAF in vgacon_invert_region
kernel_security·2020-03-04
CVE-2020-8647 vgacon: Fix a UAF in vgacon_invert_region
vgacon: Fix a UAF in vgacon_invert_region
When syzkaller tests, there is a UAF:
BUG: KASan: use after free in vgacon_invert_region+0x9d/0x110 at addr
ffff880000100000
Read of size 2 by task syz-executor.1/16489
page:ffffea0000004000 count:0 mapcount:-127 mapping: (null)
index:0x0
page flags: 0xfffff00000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 16489 Comm: syz-executor.1 Not tainted
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
Call Trace:
[] dump_stack+0x1e/0x20
[] kasan_report+0x577/0x950
[] __asan_load2+0x62/0x80
[] vgacon_invert_region+0x9d/0x110
[] invert_screen+0xe5/0x470
[] set_selection+0x44b/0x12f0
[] tioclinux+0xee/0x490
[] vt_ioctl+0xff4/0x2670
[] tty_ioctl+0x46a/0x1a10
[] do_vfs_ioc
Kernel
vt: selection, close sel_buffer race
kernel_security·2020-02-10·CVSS 7.1
CVE-2020-8648 [HIGH] vt: selection, close sel_buffer race
vt: selection, close sel_buffer race
syzkaller reported this UAF:
BUG: KASAN: use-after-free in n_tty_receive_buf_common+0x2481/0x2940 drivers/tty/n_tty.c:1741
Read of size 1 at addr ffff8880089e40e9 by task syz-executor.1/13184
CPU: 0 PID: 13184 Comm: syz-executor.1 Not tainted 5.4.7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
...
kasan_report+0xe/0x20 mm/kasan/common.c:634
n_tty_receive_buf_common+0x2481/0x2940 drivers/tty/n_tty.c:1741
tty_ldisc_receive_buf+0xac/0x190 drivers/tty/tty_buffer.c:461
paste_selection+0x297/0x400 drivers/tty/vt/selection.c:372
tioclinux+0x20d/0x4e0 drivers/tty/vt/vt.c:3044
vt_ioctl+0x1bcf/0x28d0 drivers/tty/vt/vt_ioctl.c:364
tty_ioctl+0x525/0x15a0 drivers/tty/tty_io.c:2657
vfs_ioctl fs/ioctl.c:47 [inline]
I
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-05-13
Published