CVE-2020-2001
published 2020-05-13

Priority: P259, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.33% (67.6th percentile)

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to the PAN-OS management interface to write an attacker-supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama.

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | oauth2-proxy_oauth2-proxy | >= 0 < 5.1.1 | 5.1.1 |
| juniper | junos_os | | |
| palo_alto_networks | pan-os | | |
| palo_alto_networks | pan-os | | |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.12 | 8.1.12 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.6 | 9.0.6 |
| paloalto | pan-os | | |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.12 | 8.1.12 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.6 | 9.0.6 |

Detection & IOCs (extracted from sources)

  • Vulnerability exists in the XSLT processing logic of PAN-OS Panorama management interface; monitor for unauthenticated requests to the PAN-OS management web interface that trigger XSLT processing, particularly those attempting to write files to the filesystem.
  • Attack surface is the PAN-OS management web interface; restrict and monitor access to this interface for anomalous unauthenticated activity.
  • PAN-OS 7.1 (all Panorama versions) and PAN-OS 8.0 (all Panorama versions) are fully affected with no patched release available; 7.1 is on extended support and only considered for critical fixes, 8.0 is end-of-life.
  • Fixed versions are PAN-OS 8.1.12 and PAN-OS 9.0.6; detection/triage should prioritize Panorama instances running versions below these thresholds.

CVSS provenance

  • nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • nvd, v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P