CVE-2020-2013
published 2020-05-13
CVE-2020-2013: A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's…
Priority: P341 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.64% (46.0th percentile)
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; all versions of PAN-OS 8.0.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joyent | json | >= 0 < 2.3.0 | 2.3.0 |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 7.1 < 7.1.26 | 7.1.26 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.13 | 8.1.13 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.6 | 9.0.6 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.1 | 9.1.1 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.13 | 8.1.13 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.6 | 9.0.6 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.1 | 9.1.1 |
CVSS provenance
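| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | — | 7.5 | HIGH | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |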
Palo Alto
PAN-OS: Panorama context switch session cookie disclosure
vendor_paloalto·2020-05-13·CVSS 8.8
CVE-2020-2013 [HIGH] CWE-319 PAN-OS: Panorama context switch session cookie disclosure
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.1, and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-li
Red Hat
php: multiple vulnerabilities in gdImageCrop()
vendor_redhat·2014-02-06·CVSS 6.8
CVE-2014-2020 [MEDIUM] php: multiple vulnerabilities in gdImageCrop()
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Statement: Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0).
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: gd (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-3cj6-6mmq-x25x: A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administr
ghsa_unreviewed·2022-05-24
CVE-2020-2013 [MEDIUM] GHSA-3cj6-6mmq-x25x: A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administr
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; and PAN-OS 9.1 versions earlier than 9.1.1.
GHSA
Unsafe object creation in json RubyGem
ghsa·2020-07-27·CVSS 7.5
CVE-2020-10663 [HIGH] CWE-20 Unsafe object creation in json RubyGem
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
Suricata
ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)
suricata·2014-11-25·CVSS 5.3
CVE-2013-1601 [MEDIUM] ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)"; flow:established,to_server; urilen:12; http.method; content:"GET"; http.uri; content:"/md/lums.cgi"; fast_pattern; reference:url,www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities; classtype:attempted-admin; sid:2019803; rev:4; metadata:created_at 2014_11_25, cve CVE_2013_1601, signature_severity Major, updated_at 2020_09_28;)
Suricata
ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1599)
suricata·2014-11-25·CVSS 9.8
CVE-2013-1599 [CRITICAL] ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1599)
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1599)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/rtpd.cgi?"; fast_pattern; reference:url,www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities; classtype:attempted-admin; sid:2019801; rev:4; metadata:created_at 2014_11_25, cve CVE_2013_1599, signature_severity Major, updated_at 2020_09_28;)
Exploit-DB
IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
exploitdb·2021-06-07·CVSS 9.3
CVE-2013-4988 [CRITICAL] IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
---
# Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
# Date: 2020-05-20
# Exploit Author: Austin Babcock
# Vendor Homepage: https://icofx.ro/
# Software Link: https://drive.google.com/file/d/1SONzNStA_W3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing
# Version: 2.6.0.0
# Tested on: Windows 7 Ultimate x64
# CVE: CVE-2013-4988
# Steps: 1. Run script 2. Open application 3. Open maliciousJOP.ico via file -> open dropdown menu
# Payload Length: 1626 bytes
#While this is an older CVE, it is very rare to have a JOP chain available for a binary which is what this exploit attempts to demonstrate.
#Gadgets were found using the JOP ROCKET tool which is available at https://github.com/Bw3ll/JOP_ROCKET
#This exploi
Exploit-DB
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
exploitdb·2020-10-20·CVSS 9.8
CVE-2013-2251 [CRITICAL] Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
---
# Exploit Title: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
# Google Dork: ext:action | filetype:action
# Date: 2020/09/09
# Exploit Author: Jonatas Fil
# Vendor Homepage: http://struts.apache.org/release/2.3.x/docs/s2-016.html
# Version: <= 2.3.15
# Tested on: Linux
# CVE : CVE-2013-2251
#!/usr/bin/python
#
# coding=utf-8
#
# Struts 2 DefaultActionMapper Exploit [S2-016]
# Interactive Shell for CVE-2013-2251
#
# The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with
# "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with
# attaching navigational information to
Exploit-DB
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass
exploitdb·2020-07-23
---
# Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass
# Date: 2020-07-23
# Author: LiquidWorm
# Product web page: http://www.medivision.co.kr
# CVE: N/A
Vendor: UBICOD Co., Ltd. | MEDIVISION INC.
Product web page: http://www.medivision.co.kr
Affected version: Firmware 1.5.1 (2013.01.3)
Summary: Medivision is a service that provides everything from DID operation to
development of DID (Digital Information Display) optimized for hospital environment
and production of professional contents, through DID product installation, image,
video content planning, design work, and remote control. This is a one-stop solution
that solves management at once.
Desc: The application suffers from a privilege escalation vu
Bugzilla
CVE-2013-7489 python-beaker: Deserialization of Untrusted Data which can lead to Arbitrary code execution
bugzilla·2020-06-23·CVSS 6.8
CVE-2013-7489 [MEDIUM] CVE-2013-7489 python-beaker: Deserialization of Untrusted Data which can lead to Arbitrary code execution
python-beaker is affected by Deserialization of untrusted data which could lead to Arbitrary code execution.
References:
https://github.com/bbangert/beaker/issues/191
https://www.openwall.com/lists/oss-security/2020/05/14/11
Discussion:
Created python-beaker tracking bugs for this issue:
Affects: fedora-all [bug 1850106]
---
*** Bug 1849014 has been marked as a duplicate of this bug. ***
---
Flaw summary:
If an attacker is able to enter malicious payloads into the cache database (e.g. if they are on the network and have creds for the database), they could get remote code execution on the machine running Beaker due to deserialization of data from the cache database by Pickle.
Bugzilla
CVE-2013-2020 CVE-2013-2021 clamav: Multiple potential security issues fixed in upstream 0.97.8 version
bugzilla·2013-04-24·CVSS 5.0
CVE-2013-2020 [MEDIUM] CVE-2013-2020 CVE-2013-2021 clamav: Multiple potential security issues fixed in upstream 0.97.8 version
Clam AntiVirus upstream has released 0.97.8 version correcting a couple of potential security bugs:
[1] http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
[2] https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog
Discussion:
These issues affect the versions of the clamav package, as shipped with Fedora release of 17 and 18. Please schedule an update.
--
These issues did NOT affect the version of the clamav package, as shipped with Fedora EPEL 6 (it has been updated to clamav-0.97.8-1.el6 version already).
--
These issues affect the version of the clamav package, as shipped with Fedora EPEL 5. Please schedule an update.
---
Created clamav tracking bugs for thi
Published: 2020-05-13