cbcvebase.
CVE-2020-2014
published 2020-05-13

CVE-2020-2014: An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root…

PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.66%
83.8th percentile
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.

Affected

13 ranges
VendorProductVersion rangeFixed in
palo_alto_networkspan-os
palo_alto_networkspan-os
palo_alto_networkspan-os>= 8.1 < 8.1.148.1.14
palo_alto_networkspan-os>= 9.0 < 9.0.79.0.7
paloaltopan-os
paloaltonetworkspan-os7.1.0 – 7.1.26
paloaltonetworkspan-os8.0.0 – 8.0.20
paloaltonetworkspan-os8.1.0 – 8.1.13
paloaltonetworkspan-os9.0.0 – 9.0.6
zabbixzabbix>= 0 < 1:2.2.2+dfsg-1ubuntu1+esm41:2.2.2+dfsg-1ubuntu1+esm4
zabbixzabbix>= 0 < 1:2.4.7+dfsg-2ubuntu2.1+esm31:2.4.7+dfsg-2ubuntu2.1+esm3
zabbixzabbix>= 0 < 1:3.0.12+dfsg-1ubuntu0.1~esm31:3.0.12+dfsg-1ubuntu0.1~esm3
zabbixzabbix>= 0 < 1:4.0.17+dfsg-1ubuntu0.1~esm11:4.0.17+dfsg-1ubuntu0.1~esm1

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv9.8CRITICAL
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.