CVE-2020-2015Classic Buffer Overflow in Palo Alto Networks Pan-os

CWE-120Classic Buffer OverflowCWE-440Expected Behavior ViolationCWE-352Cross-Site Request ForgeryCWE-787Out-of-bounds WriteCWE-35Path Traversal: '.../...//'CWE-79Cross-site ScriptingCWE-190Integer Overflow or Wraparound37 documents13 sources
Severity
8.8HIGHNVD
GHSA9.6GHSA5.0
EPSS
1.7%
top 17.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedMay 13
Latest updateMay 25

Description

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDpaloaltonetworks/pan-os7.1.07.1.26+4
CVEListV5palo_alto_networks/pan-os9.09.0.7+4
Palo Altopaloalto/pan-os

🔴Vulnerability Details

10
OSV
nova vulnerabilities2023-02-13
GHSA
GHSA-jgg4-3qfh-59c9: A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary2022-05-24
GHSA
OpenNMS Horizon vulnerable to XSS2022-05-24
GHSA
Cross-Site Request Forgery in OpenNMS Horizon2021-05-25
GHSA
Cross-site Scripting in OpenNMS Horizon2021-05-25

💥Exploits & PoCs

5
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)2023-05-25
Exploit-DB
Microsoft Windows - Win32k Elevation of Privilege2020-12-02
Exploit-DB
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection2020-11-19
Exploit-DB
Online-Exam-System 2015 - 'feedback' SQL Injection2020-06-05
Exploit-DB
Online-Exam-System 2015 - 'fid' SQL Injection2020-05-28

📋Vendor Advisories

14
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: Platform (Apache Derby) — CVE-2015-18322020-10-15
Red Hat
springframework: RFD protection bypass via jsessionid2020-09-17
Oracle
Oracle Oracle Supply Chain Risk Matrix: Middle Tier (Apache Commons Collections) — CVE-2015-75012020-07-15
Oracle
Oracle Oracle Retail Applications Risk Matrix: Promotions (jQuery) — CVE-2015-92512020-07-15
Red Hat
redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS2020-06-15

💬Community

5
Bugzilla
CVE-2020-5421 springframework: RFD protection bypass via jsessionid2020-09-21
Bugzilla
CVE-2020-14147 redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS2020-06-18
Bugzilla
CVE-2020-8167 rubygem-actionview: CSRF vulnerability in rails-ujs2020-06-02
Bugzilla
CVE-2015-9543 openstack-nova: leak consoleauth tokens into log files2020-02-20
Bugzilla
CVE-2015-9541 qt: XML entity expansion vulnerability2020-02-10
CVE-2020-2015 — Classic Buffer Overflow in Palo | cvebase