CVE-2020-2010OS Command Injection in Palo Alto Networks Pan-os

CWE-78OS Command InjectionCWE-287Improper Authentication14 documents9 sources
Severity
7.2HIGHNVD
EPSS
3.2%
top 12.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedMay 13
Latest updateMay 24

Description

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

CVEListV5palo_alto_networks/pan-os9.09.0.7+3
NVDpaloaltonetworks/pan-os7.1.07.1.26+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

3
GHSA
GHSA-862c-64g7-8p44: An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root2022-05-24
CVEList
PAN-OS: Authenticated user command injection vulnerability2020-05-13
GHSA
Authentication and extension bypass in Faye2020-04-29

💥Exploits & PoCs

6
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution (2)2021-07-23
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution2020-08-17
Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution2020-03-02
Exploit-DB
FreeBSD - 'mountnfs()' Denial of Service2010-06-23
Exploit-DB
FreeBSD 8.0/7.3/7.2 - 'nfs_mount()' Local Privilege Escalation2010-06-23

📋Vendor Advisories

1
Palo Alto
PAN-OS: Authenticated user command injection vulnerability2020-05-13
CVE-2020-2010 — OS Command Injection in Palo | cvebase