CVE-2020-2014 — OS Command Injection in Palo Alto Networks Pan-os

CWE-78 — OS Command Injection14 documents11 sources

Severity

8.8HIGHNVD

EPSS

4.9%

top 10.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedMay 13

Latest updateJun 15

Description

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.14+3

▶NVDpaloaltonetworks/pan-os7.1.0 — 7.1.26+3

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

OSV

zabbix vulnerabilities↗2022-06-15

▶

GHSA

GHSA-fm7w-qw4q-fjmw: An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root↗2022-05-24

▶

OSV

libdbi-perl vulnerabilities↗2021-08-04

▶

CVEList

PAN-OS: OS injection vulnerability in PAN-OS management server↗2020-05-13

▶

Kernel

vgacon: Fix a UAF in vgacon_invert_region↗2020-03-04

▶

💥Exploits & PoCs

Exploit-DB

xglance-bin 11.00 - Privilege Escalation↗2020-02-05

▶

📋Vendor Advisories

Palo Alto

PAN-OS: OS injection vulnerability in PAN-OS management server↗2020-05-13

▶

Red Hat

php: multiple vulnerabilities in gdImageCrop()↗2014-02-06

▶