CVE-2020-1997: Open Redirect in Palo Alto Networks PAN-OS

CWE-601: Open Redirect | 5 documents | 5 sources

Severity: 6.1 MEDIUM (NVD) | CNA: 5.3
EPSS: 0.3% (top 48.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 13 | Latest update May 24

Description

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates, they are sent to an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

NVD | paloaltonetworks/pan-os | 7.1.0 | 7.1.26 | +1
CVEListV5 | palo_alto_networks/pan-os | 7.1 | 7.1.26 | +1
Palo Alto | paloalto/pan-os

🔴 Vulnerability Details (2)

GHSA: GHSA-67r3-q6qw-jw7p: An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection t (2022-05-24)
CVEList: PAN-OS: GlobalProtect registration open redirect (2020-05-13)

💥 Exploits & PoCs (1)

Exploit-DB: Solaris SunSSH 11.0 x86 - libpam Remote Root (3) (2021-06-21)

📋 Vendor Advisories (1)

Palo Alto: PAN-OS: GlobalProtect registration open redirect (2020-05-13)