CVE-2020-2008
Published 2020-05-13
CVE-2020-2008: An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with…
Priority P346 · high · 7.2 · CVSS 3.1
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.76% (84.4th percentile)
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_net_framework_2.0_service_pack_2 | — | — |
| msrc | microsoft_net_framework_3.0_service_pack_2 | — | — |
| msrc | microsoft_net_framework_3.5 | — | — |
| msrc | microsoft_net_framework_3.5.1 | — | — |
| msrc | microsoft_net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2 | — | — |
| msrc | microsoft_net_framework_3.5_and_4.6_4.6.1_4.6.2 | — | — |
| msrc | microsoft_net_framework_3.5_and_4.7.1_4.7.2 | — | — |
| msrc | microsoft_net_framework_3.5_and_4.7.2 | — | — |
| msrc | microsoft_net_framework_3.5_and_4.8 | — | — |
| msrc | microsoft_net_framework_4.5.2 | — | — |
| msrc | microsoft_net_framework_4.6 | — | — |
| msrc | microsoft_net_framework_4.6_4.6.1_4.6.2_4.7_4.7.1_4.7.2 | — | — |
| msrc | microsoft_net_framework_4.8 | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2010_service_pack_2 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | net_core_2.1 | — | — |
| msrc | net_core_3.1 | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.14 | 8.1.14 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
CVSS provenance
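| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_msrc | — | 7.8 | CRITICAL | — |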
Palo Alto
PAN-OS: OS command injection or arbitrary file deletion vulnerability
vendor_paloalto·2020-05-13·CVSS 7.2
CVE-2020-2008 [HIGH] CWE-73 PAN-OS: OS command injection or arbitrary file deletion vulnerability
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.
Workaround: This issue affects the management interface of PAN-OS and is strongly mitigate
GHSA
GHSA-r6cm-93j6-3mh3: An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute cod
ghsa_unreviewed·2022-05-24
CVE-2020-2008 [HIGH] GHSA-r6cm-93j6-3mh3: An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute cod
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.
Suricata
ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt
suricata·2010-07-30
CVE-2008-1947 ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/host-manager/html/add"; nocase; content:"method="; nocase; pcre:"/(script|img|src|onmouse|onkey|onload|ondragdrop|onblur|onfocus|onclick)/i"; reference:url,www.securityfocus.com/bid/29502/info; reference:cve,2008-1947; classtype:web-application-attack; sid:2010146; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_1947, deployment Datacenter, confidence Medium, signature_severity Major, tag XSS, tag Cross_Site_Scripting, updated_at 2020_09_1
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2008-0785 [HIGH] ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT"; flow:established,to_server; http.uri; content:"tree.php?"; nocase; content:"leaf_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2008-0785; reference:bugtraq,27749; classtype:web-application-attack; sid:2007895; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_
Suricata
ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
suricata·2010-07-30
CVE-2008-2165 ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/ekgnkm/AccessCodeStart.asp"; nocase; pcre:"/(script|img|src|alert|onmouse|onkey|onload|ondragdrop|onblur|onfocus|onclick)/i"; reference:url,www.securityfocus.com/bid/29191/info; reference:cve,2008-2165; classtype:attempted-user; sid:2010506; rev:7; metadata:created_at 2010_07_30, cve CVE_2008_2165, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_10;)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2008-0785 [HIGH] ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT"; flow:established,to_server; http.uri; content:"tree.php?"; nocase; content:"leaf_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2008-0785; reference:bugtraq,27749; classtype:web-application-attack; sid:2007894; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Ex
Suricata
ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
suricata·2010-07-30
CVE-2008-2165 ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt"; flow:established,to_server; http.uri; content:"|2F|ekgnkm|2F|AccessCodeStart|2E|asp"; nocase; pcre:"/(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:url,www.securityfocus.com/bid/29191/info; reference:cve,2008-2165; classtype:attempted-user; sid:2010460; rev:7; metadata:created_at 2010_07_30, cve CVE_2008_2165, signature_severity Major, updated_at 2020_09_14;)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2008-0785 [HIGH] ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT"; flow:established,to_server; http.uri; content:"tree.php?"; nocase; content:"leaf_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2008-0785; reference:bugtraq,27749; classtype:web-application-attack; sid:2007893; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_
Suricata
ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection
suricata·2010-07-30
CVE-2008-5841 ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/reviews.php?"; nocase; content:"browse="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; pcre:"/UNION.+SELECT/i"; reference:cve,2008-5841; reference:bugtraq,31340; reference:url,milw0rm.com/exploits/6540; classtype:web-application-attack; sid:2009069; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_5841, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_04, mitre_tactic_id TA0001, mi
Published: 2020-05-13