CVE-2020-1997
published 2020-05-13CVE-2020-1997: An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target…
PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.89%
55.0th percentile
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 7.1 < 7.1.26 | 7.1.26 |
| palo_alto_networks | pan-os | >= 8.0 < 8.0.14 | 8.0.14 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.26 | 7.1.26 |
| paloaltonetworks | pan-os | >= 8.0.0 < 8.0.14 | 8.0.14 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-67r3-q6qw-jw7p: An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection t
ghsa_unreviewed·2022-05-24
CVE-2020-1997 [MEDIUM] GHSA-67r3-q6qw-jw7p: An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection t
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.
Palo Alto
PAN-OS: GlobalProtect registration open redirect
vendor_paloalto·2020-05-13·CVSS 6.1
CVE-2020-1997 [MEDIUM] CWE-601 PAN-OS: GlobalProtect registration open redirect
PAN-OS: GlobalProtect registration open redirect
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.0.14, and all later PAN-OS versions.
No detection rules found.
No writeups or analysis indexed.
2020-05-13
Published