CVE-2020-2002
Published 2020-05-13
Priority: P3 47 | high | 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.30% (66.8th percentile)
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can log in to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; all versions of PAN-OS 8.0.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 7.1 < 7.1.26 | 7.1.26 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.13 | 8.1.13 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.6 | 9.0.6 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.26 | 7.1.26 |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.13 | 8.1.13 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
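| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |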
GHSA
GHSA-2vhw-349f-2gq5: An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing
ghsa_unreviewed·2022-05-24
CVE-2020-2002 [MEDIUM] GHSA-2vhw-349f-2gq5: An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can log in to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6.
Citrix
Citrix Workspace app for Windows Security Update
vendor_citrix·2020-09-08·CVSS 8.8
CVE-2020-8207 [HIGH] Citrix Workspace app for Windows Security Update
of Problem
A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in:
- A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows.
- A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled.

The issue has the following identifier: CVE-2020-8207

This vulnerability affects the following supported versions of Citrix Workspace app for Windows:
- Citrix Workspace app 2002, 2006 and 2006.1 for Windows
- Citrix Workspace app 1912 LTSR for Windows (before CU1 Hotfix 1)

Note that this vulnerability was originally reported against a subset of the versions above. However,
Palo Alto
PAN-OS: Spoofed Kerberos key distribution center authentication bypass
vendor_paloalto·2020-05-13·CVSS 8.1
CVE-2020-2002 [HIGH] CWE-290 PAN-OS: Spoofed Kerberos key distribution center authentication bypass
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can log in to PAN-OS as an administrator.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance
Suricata
ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ssh2|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013006; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=phar|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013005; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ogg|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013008; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=rar|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013007; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=expect|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013009; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=data|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013003; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible https Local File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible https Local File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible https Local File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=https|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2012998; rev:5; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2011_06_10, cve CVE_2002_0953, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signature_severity Major, tag Local_File_Inclusion, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_i
Suricata
ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=glob|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013004; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ftps|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013000; rev:5; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2011_06_10, cve CVE_2002_0953, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signature_severity Major, tag Local_File_Inclusion, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id T
Suricata
ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ftp|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2012999; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=php|3a|//"; reference:cve,2002-0953; reference:cve,2024-4577; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013001; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=zlib|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013014; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=file|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013002; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
No writeups or analysis indexed.