CVE-2020-2000
published 2020-11-12
CVE-2020-2000: An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system…
Priority P349 · high · 7.2 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
3.23%
86.7th percentile
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_advanced_waf | — | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_asm | — | — |
| f5 | big-ip_dhd | — | — |
| f5 | big-ip_dns | — | — |
| f5 | big-ip_fps | — | — |
| f5 | big-ip_gtm | — | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_ltm | — | — |
| f5 | big-ip_pem | — | — |
| f5 | ssl_orchestrator | — | — |
| chrome_chrome | — | — | |
| juniper | junos_os | — | — |
| palo_alto_networks | pan-os | >= 10.0 < 10.0.1 | 10.0.1 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.16 | 8.1.16 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.10 | 9.0.10 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.4 | 9.1.4 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.1 | 10.0.1 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.16 | 8.1.16 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.10 | 9.0.10 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.4 | 9.1.4 |
CVSS provenance
nvd · v3.1 · 7.2 · HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.0 · CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
GHSA
GHSA-7m5c-wx89-wrj6: An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt
ghsa_unreviewed·2022-05-24
CVE-2020-2000 [HIGH] CWE-78 GHSA-7m5c-wx89-wrj6: An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
Chrome
Stable Channel Update for Desktop: CVE-2023-1228
vendor_chrome·2023-03-07·CVSS 4.3
CVE-2023-1228 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1228
Stable Channel Update for Desktop
CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18 [$2000][ 1160485 ] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts
Reported by Thomas Orlita on 2020-12-20 [$2000][ 1404230 ] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2021-21209
vendor_chrome·2021-04-14·CVSS 6.5
CVE-2021-21209 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21209
Stable Channel Update for Desktop
CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem ( @tomvangoethem) on 2020-10-29 [$3000][ 1184562 ] Medium CVE-2021-21210: Inappropriate implementation in Network
Reported by @bananabr on 2021-03-04 [$2000][ 1103119 ] Medium CVE-2021-21211: Inappropriate implementation in Navigation
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2021-21135
vendor_chrome·2021-01-19·CVSS 6.5
CVE-2021-21135 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21135
Stable Channel Update for Desktop
CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11 [$2000][ 1038002 ] Low CVE-2021-21136: Insufficient policy enforcement in WebView
Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27 [$500][ 1093791 ] Low CVE-2021-21137: Inappropriate implementation in DevTools
Severity: medium
F5
CVE-2020-5947: In versions 16
vendor_f5·2020-11-19·CVSS 4.3
CVE-2020-5947 [MEDIUM] CVE-2020-5947: In versions 16
CVE-2020-5947: In versions 16
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Advanced WAF, BIG-IP Analytics, BIG-IP DHD, BIG-IP DNS, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, Ssl Orchestrator
Affected Versions: 15.0.0 - 15.1.2; 16.0.0 - 16.0.1
F5 Advisory Articles: K64571774
F5 References: https://support.f5.com/c
Palo Alto
PAN-OS: OS command injection and memory corruption vulnerability
vendor_paloalto·2020-11-11·CVSS 7.2
CVE-2020-2000 [HIGH] CWE-121 PAN-OS: OS command injection and memory corruption vulnerability
PAN-OS: OS command injection and memory corruption vulnerability
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.
Workaround: Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat IDs 59888 and 59891 on a firewall protecting the management interface will block attacks against CVE-2020-2000.
This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best p
Chrome
Stable Channel Update for Desktop: CVE-2020-15981
vendor_chrome·2020-10-06·CVSS 6.5
CVE-2020-15981 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-15981
Stable Channel Update for Desktop
CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28 [$2000][ 1039882 ] Medium CVE-2020-15982: Side-channel information leakage in cache
Reported by Luan Herrera (@lbherrera_) on 2020-01-07 [$N/A][ 1076786 ] Medium CVE-2020-15983: Insufficient data validation in webUI
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2020-6512
vendor_chrome·2020-07-14·CVSS 8.8
CVE-2020-6512 [HIGH] Stable Channel Update for Desktop: CVE-2020-6512
Stable Channel Update for Desktop
CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20
[$2000][ 1091404 ] High CVE-2020-6513: Heap buffer overflow in PDFium
Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2020-6473
vendor_chrome·2020-05-19·CVSS 6.5
CVE-2020-6473 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6473
Stable Channel Update for Desktop
CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
[$2000][ 1059533 ] Medium CVE-2020-6474: Use after free in Blink
Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2020-6455
vendor_chrome·2020-04-07·CVSS 8.8
CVE-2020-6455 [HIGH] Stable Channel Update for Desktop: CVE-2020-6455
Stable Channel Update for Desktop
CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][ 1040325 ] High CVE-2020-6419: Out of bounds read and write in V8
Reported by David Manouchehri on 2020-01-09 [$N/A] [ 1066893 ] High CVE-2020-6572: Use after free in media
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2020-6430
vendor_chrome·2020-04-07·CVSS 8.8
CVE-2020-6430 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6430
Stable Channel Update for Desktop
CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[$2000][ 1040755 ] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard
Reported by Michał Bentkowski of Securitum on 2020-01-10
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2020-6396
vendor_chrome·2020-02-04·CVSS 4.3
CVE-2020-6396 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6396
Stable Channel Update for Desktop
CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie on 2019-12-18
[$2000][ 1027408 ] Medium CVE-2020-6397: Incorrect security UI in sharing
Reported by Khalil Zhani on 2019-11-22
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2020-6398
vendor_chrome·2020-02-04·CVSS 8.8
CVE-2020-6398 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6398
Stable Channel Update for Desktop
CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk on 2019-12-09
[$2000][ 1039869 ] Medium CVE-2020-6399: Insufficient policy enforcement in AppCache
Reported by Luan Herrera (@lbherrera_) on 2020-01-07
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2020-6381
vendor_chrome·2020-02-04·CVSS 8.8
CVE-2020-6381 [HIGH] Stable Channel Update for Desktop: CVE-2020-6381
Stable Channel Update for Desktop
CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre (NCSC) on 2019-12-09
[$2000][ 1031909 ] High CVE-2020-6382: Type Confusion in JavaScript
Reported by Soyeon Park and Wen Xu from SSLab, Gatech on 2019-12-08
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2020-6378
vendor_chrome·2020-01-16·CVSS 8.8
CVE-2020-6378 [CRITICAL] Stable Channel Update for Desktop: CVE-2020-6378
Stable Channel Update for Desktop
CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio from Forcepoint on 2019-10-28
[$2000][ 1033407 ] High CVE-2020-6379: Use-after-free in speech recognizer
Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-12-12
Severity: critical
Suricata
GPL EXPLOIT .cmd executable file parsing attack
suricata·2010-09-23
CVE-2000-0886 GPL EXPLOIT .cmd executable file parsing attack
GPL EXPLOIT .cmd executable file parsing attack
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL EXPLOIT .cmd executable file parsing attack"; flow:established,to_server; http.uri; content:".cmd|22|"; nocase; pcre:"/^.*?\x26/Ri"; reference:bugtraq,1912; reference:cve,2000-0886; classtype:web-application-attack; sid:2103193; rev:6; metadata:created_at 2010_09_23, cve CVE_2000_0886, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_22;)
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004867; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004866; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004868; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techni
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004863; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004865; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004864; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
No public exploits indexed.
Talos
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
blogs_talos·2020-02-11·CVSS 8.8
[HIGH] Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Microsoft Excel contains a code execution vulnerability. This specific bug lies in the component of Excel that handles the Microsoft Office HTML and XML file types, first introduced in Office 2000.
Microsoft disclosed this vulnerability in this month’s Patch Tuesday. For more on the updates Microsoft released, read Talos’ full blog here.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability details
Microsoft Office Excel Ordinal43 code execution vulnerability (TALOS-2019-0968/CVE-2020-0759)
An exploitable use-after-free vulnerability exists in Excel in Microsoft
2020-11-12
Published