CVE-2020-2006Stack-based Buffer Overflow in Palo Alto Networks Pan-os

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-284Improper Access ControlCWE-287Improper Authentication10 documents7 sources
Severity
8.8HIGHNVD
CNA7.2
EPSS
1.5%
top 18.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedMay 13
Latest updateMay 24

Description

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5palo_alto_networks/pan-os8.18.1.14+2
NVDpaloaltonetworks/pan-os7.1.07.1.26+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-h9hx-frq3-jv6m: A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbi2022-05-24
CVEList
PAN-OS: Buffer overflow in management server payload parser2020-05-13

💥Exploits & PoCs

2
Exploit-DB
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow2021-08-18
Exploit-DB
Asterisk Recording Interface 0.7.15 - 'Audio.php' Information Disclosure2006-04-21

📋Vendor Advisories

2
Citrix
CVE-2020-8207: Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic upda2020-07-24
Palo Alto
PAN-OS: Buffer overflow in management server payload parser2020-05-13

🕵️Threat Intelligence

1
Trendmicro
RCE Bug Returns in ISC BIND Server2021-02-25
CVE-2020-2006 — Stack-based Buffer Overflow in Palo | cvebase