CVE-2020-1999
Published: 2020-11-12
Priority: P430 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.32% (67.3th percentile)
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.17 | 8.1.17 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.11 | 9.0.11 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.5 | 9.1.5 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.17 | 8.1.17 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.11 | 9.0.11 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.5 | 9.1.5 |
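CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |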
Palo Alto
PAN-OS: Threat signatures are evaded by specifically crafted packets
vendor_paloalto·2020-11-11·CVSS 5.3
CVE-2020-1999 [MEDIUM] CWE-754 PAN-OS: Threat signatures are evaded by specifically crafted packets
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets.
This CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an attacker access resources blocked by firewall policies and it has no impact on the service availability. There could be an impact on the accuracy of firewall threat prevention with some signatures, but there is no impact on the integrity of other security features.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.
Workaround: There are no kno
GHSA
GHSA-6p97-xh7r-7cmv: A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in
ghsa_unreviewed·2022-05-24
CVE-2020-1999 [MEDIUM] CWE-754 GHSA-6p97-xh7r-7cmv: A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in