CVE-2020-2009 — External Control of File Name or Path in Palo Alto Networks Pan-os

CWE-73 — External Control of File Name or Path CWE-610 — Externally Controlled Reference to a Resource in Another Sphere CWE-269 — Improper Privilege Management CWE-776 — XML Entity Expansion13 documents11 sources

Severity

7.2HIGHNVD

EPSS

1.5%

top 18.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedMay 13

Latest updateMay 24

Description

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.14+3

▶NVDpaloaltonetworks/pan-os7.1.0 — 7.1.26+3

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-9pcm-2c87-cmr2: An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to s↗2022-05-24

▶

OSV

glibc vulnerabilities↗2021-05-14

▶

CVEList

PAN-OS: Panorama SD WAN arbitrary file creation↗2020-05-13

▶

GHSA

Feedgen Vulnerable to XML Denial of Service Attacks↗2020-01-28

▶

💥Exploits & PoCs

Exploit-DB

CompleteFTP Professional 12.1.3 - Remote Code Execution↗2020-07-09

▶

Exploit-DB

virtue news - SQL Injection / Cross-Site Scripting↗2009-06-08

▶

📋Vendor Advisories

Citrix

CVE-2020-8283: An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2↗2020-12-14

▶

Palo Alto

PAN-OS: Panorama SD WAN arbitrary file creation↗2020-05-13

▶

💬Community

Bugzilla

CVE-2020-10712 openshift/cluster-image-registry-operator: secrets disclosed in logs↗2020-04-17

▶