CVE-2020-2012 — XML External Entity (XXE) Injection in Palo Alto Networks PAN-OS
Severity
7.5 HIGH (NVD)
EPSS
3.5%
top 12.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 13
Latest update: May 24
Description
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
🔴 Vulnerability Details (2)
GHSA
GHSA-mrg8-5g36-q5f9: Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenti | 2022-05-24
CVEList
PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak | 2020-05-13
💥 Exploits & PoCs (5)
Nuclei
Canon Devices - Authentication Bypass in Catwalk Server
📋 Vendor Advisories (1)
Palo Alto
PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak | 2020-05-13