CVE-2020-2014
Published 2020-05-13
CVE-2020-2014: An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root…
Priority P3 · 57 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.66% (83.8th percentile)
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.14 | 8.1.14 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.7 | 9.0.7 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.13 | — |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.6 | — |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1ubuntu1+esm4 | 1:2.2.2+dfsg-1ubuntu1+esm4 |
| zabbix | zabbix | >= 0 < 1:2.4.7+dfsg-2ubuntu2.1+esm3 | 1:2.4.7+dfsg-2ubuntu2.1+esm3 |
| zabbix | zabbix | >= 0 < 1:3.0.12+dfsg-1ubuntu0.1~esm3 | 1:3.0.12+dfsg-1ubuntu0.1~esm3 |
| zabbix | zabbix | >= 0 < 1:4.0.17+dfsg-1ubuntu0.1~esm1 | 1:4.0.17+dfsg-1ubuntu0.1~esm1 |
CVSS provenance
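| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |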
Palo Alto
PAN-OS: OS injection vulnerability in PAN-OS management server
vendor_paloalto·2020-05-13·CVSS 8.8
CVE-2020-2014 [HIGH] CWE-78 PAN-OS: OS injection vulnerability in PAN-OS management server
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges.
This issue affects:
All versions of PAN-OS 7.1 and 8.0;
PAN-OS 8.1 versions earlier than 8.1.14;
PAN-OS 9.0 versions earlier than 9.0.7.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.
Workaround: This issue affects the management in
Red Hat
php: multiple vulnerabilities in gdImageCrop()
vendor_redhat·2014-02-06·CVSS 6.8
CVE-2014-2020 [MEDIUM] php: multiple vulnerabilities in gdImageCrop()
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Statement: Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0).
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: gd (Red Hat Enterprise Linux 5) - Not affected
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control System
vendor_cisco
CVE-2014-0650 Multiple Vulnerabilities in Cisco Secure Access Control System
CVE-2014-0650: Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities:
Cisco Secure ACS RMI Privilege Escalation Vulnerability;
Cisco Secure ACS RMI Unauthenticated User Access Vulnerability;
Cisco Secure ACS Operating System Command Injection Vulnerability.
Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for internode communication using TCP ports 2020 and 2030. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other. Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/Ci
OSV
zabbix vulnerabilities
osv·2022-06-15·CVSS 9.8
CVE-2020-11800 zabbix vulnerabilities
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inp
GHSA
GHSA-fm7w-qw4q-fjmw: An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root
ghsa_unreviewed·2022-05-24
CVE-2020-2014 [HIGH] GHSA-fm7w-qw4q-fjmw: An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
OSV
libdbi-perl vulnerabilities
osv·2021-08-04·CVSS 6.1
CVE-2014-10402 libdbi-perl vulnerabilities
It was discovered that the Perl DBI module incorrectly opened files outside
of the folder specified in the data source name. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2014-10402)
It was discovered that the Perl DBI module incorrectly handled certain long
strings. A local attacker could possibly use this issue to cause the DBI
module to crash, resulting in a denial of service. This issue only affected
Ubuntu 18.04 LTS. (CVE-2020-14393)
Kernel
vgacon: Fix a UAF in vgacon_invert_region
kernel_security·2020-03-04
CVE-2020-8647 vgacon: Fix a UAF in vgacon_invert_region
When syzkaller tests, there is a UAF:
BUG: KASan: use after free in vgacon_invert_region+0x9d/0x110 at addr
ffff880000100000
Read of size 2 by task syz-executor.1/16489
page:ffffea0000004000 count:0 mapcount:-127 mapping: (null)
index:0x0
page flags: 0xfffff00000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 16489 Comm: syz-executor.1 Not tainted
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
Call Trace:
[] dump_stack+0x1e/0x20
[] kasan_report+0x577/0x950
[] __asan_load2+0x62/0x80
[] vgacon_invert_region+0x9d/0x110
[] invert_screen+0xe5/0x470
[] set_selection+0x44b/0x12f0
[] tioclinux+0xee/0x490
[] vt_ioctl+0xff4/0x2670
[] tty_ioctl+0x46a/0x1a10
[] do_vfs_ioc
Kernel
vt: selection, close sel_buffer race
kernel_security·2020-02-10·CVSS 7.1
CVE-2020-8648 [HIGH] vt: selection, close sel_buffer race
syzkaller reported this UAF:
BUG: KASAN: use-after-free in n_tty_receive_buf_common+0x2481/0x2940 drivers/tty/n_tty.c:1741
Read of size 1 at addr ffff8880089e40e9 by task syz-executor.1/13184
CPU: 0 PID: 13184 Comm: syz-executor.1 Not tainted 5.4.7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
...
kasan_report+0xe/0x20 mm/kasan/common.c:634
n_tty_receive_buf_common+0x2481/0x2940 drivers/tty/n_tty.c:1741
tty_ldisc_receive_buf+0xac/0x190 drivers/tty/tty_buffer.c:461
paste_selection+0x297/0x400 drivers/tty/vt/selection.c:372
tioclinux+0x20d/0x4e0 drivers/tty/vt/vt.c:3044
vt_ioctl+0x1bcf/0x28d0 drivers/tty/vt/vt_ioctl.c:364
tty_ioctl+0x525/0x15a0 drivers/tty/tty_io.c:2657
vfs_ioctl fs/ioctl.c:47 [inline]
I
Suricata
ET EXPLOIT QNAP Shellshock CVE-2014-6271
suricata·2014-12-10·CVSS 9.8
CVE-2014-6271 [CRITICAL] ET EXPLOIT QNAP Shellshock CVE-2014-6271
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT QNAP Shellshock CVE-2014-6271"; flow:established,to_server; http.uri; content:"authLogin.cgi"; http.header; content:"|28 29 20 7b|"; fast_pattern; reference:url,www.fireeye.com/blog/threat-research/2014/10/the-shellshock-aftershock-for-nas-administrators.html; reference:url,blogs.akamai.com/2014/09/environment-bashing.html; reference:cve,2014-6271; classtype:attempted-admin; sid:2019904; rev:5; metadata:created_at 2014_12_10, cve CVE_2014_6271, signature_severity Major, tag CISA_KEV, updated_at 2020_10_13;)
Suricata
ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)
suricata·2014-11-25·CVSS 5.3
CVE-2013-1601 [MEDIUM] ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)"; flow:established,to_server; urilen:12; http.method; content:"GET"; http.uri; content:"/md/lums.cgi"; fast_pattern; reference:url,www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities; classtype:attempted-admin; sid:2019803; rev:4; metadata:created_at 2014_11_25, cve CVE_2013_1601, signature_severity Major, updated_at 2020_09_28;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 4
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 4
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 4"; flow:established,to_server; http.request_body; content:"nam%65%5b"; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])nam\%65\%5b[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019425; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_25;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 18
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 18
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 18"; flow:established,to_server; http.request_body; content:"%6eame%5b"; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eame\%5b[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019439; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, updated_at 2020_09_25;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 19
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 19
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 19"; flow:established,to_server; http.request_body; content:"%6eam%65["; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eam\%65\[[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019440; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, updated_at 2020_09_25;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 17
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 17
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 17"; flow:established,to_server; http.request_body; content:"%6eame["; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eame\[[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019438; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, updated_at 2020_09_25;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 1
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 1
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 1"; flow:established,to_server; http.request_body; content:"name["; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])name\[[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019422; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_25;)
Suricata
ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 2
suricata·2014-10-16·CVSS 7.5
CVE-2014-3704 [HIGH] ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 2
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 2"; flow:established,to_server; http.request_body; content:"name%5b"; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])name\%5b[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019423; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_25;)
Suricata
ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie
suricata·2014-09-25·CVSS 9.8
CVE-2014-6271 [CRITICAL] ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie"; flow:established,to_server; http.cookie; content:"|28 29 20 7b|"; reference:url,blogs.akamai.com/2014/09/environment-bashing.html; classtype:attempted-admin; sid:2019239; rev:5; metadata:created_at 2014_09_25, cve CVE_2014_6271, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_12;)
Suricata
ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195
suricata·2014-06-13·CVSS 6.8
CVE-2014-0195 [MEDIUM] ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195"; content:"|16 fe ff 00 00 00 00 00 00 00|"; depth:10; content:"|01|"; distance:3; within:1; byte_test:3,>,0,0,relative; byte_test:3,>,0,8,relative; byte_extract:3,0,frag_len,relative; byte_jump:3,5,relative; content:"|01|"; within:1; byte_test:3,!=,frag_len,0,relative; reference:url,h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002; classtype:attempted-user; sid:2018560; rev:3; metadata:created_at 2014_06_13, cve CVE_2014_0195, confidence Medium, signature_severity Major, updated_at 2020_08_19, reviewed_at 2