CVE-2020-2018
Published: 2020-05-13
Priority: P2 · 60 · critical · 9 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 1.32% (67.4th percentile)
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_gnutls_3.6.14-6_on_cbl_mariner_1.0 | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 7.1 < 7.1.26 | 7.1.26 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.12 | 8.1.12 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.6 | 9.0.6 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.26 | 7.1.26 |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.12 | 8.1.12 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.6 | 9.0.6 |
Detection & IOCs (extracted from sources)
- The vulnerability targets the Panorama context switching feature — monitor for unexpected context switches or privileged access to managed firewalls originating from the Panorama management interface without corresponding authenticated sessions.
- Restrict and monitor network access to the Panorama management interface; any inbound connections from untrusted or unexpected sources to this interface should be treated as high-priority alerts.
- Audit whether Panorama is using custom certificates for Panorama-to-managed-device communication; absence of custom certificates indicates the environment is vulnerable and exploitation cannot be ruled out.
- Panorama instances configured with custom certificates authentication between Panorama and managed devices are NOT affected by this vulnerability — verify this configuration before treating an instance as vulnerable.
- Affected PAN-OS version ranges: 7.1 < 7.1.26, 8.1 < 8.1.12, 9.0 < 9.0.6, and ALL versions of PAN-OS 8.0 (EOL). Upgrading Panorama alone to a fixed version is sufficient to resolve the issue.
- PAN-OS 8.0 is end-of-life and will not receive a patch; all 8.0 deployments remain permanently vulnerable unless upgraded or the custom-certificate workaround is applied.
CVSS provenance
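| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.4 | HIGH | — |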
GHSA
GHSA-7qj6-jfj8-2jr9
ghsa_unreviewed·2022-05-24
CVE-2020-2018 [HIGH]
An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM]
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Microsoft
vendor_msrc·2020-06-09·CVSS 7.4
CVE-2020-13777 [HIGH] CWE-327
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation the TLS server always uses wrong data in place of an encryption key derived from an application.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tran
Palo Alto
PAN-OS: Panorama authentication bypass vulnerability
vendor_paloalto·2020-05-13·CVSS 9.0
CVE-2020-2018 [CRITICAL] CWE-287
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue.
This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.
Upgrading Panorama to a fixed version is sufficient to resolve the issue.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Ass
Suricata
ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023
suricata·2020-06-11·CVSS 8.8
CVE-2018-13023 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/luci/|3b|stok="; fast_pattern; content:"&sns=sns&grant=1&guest_user_id=guid&timeout="; distance:0; reference:url,blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09; reference:cve,2018-13023; classtype:attempted-admin; sid:2030311; rev:3; metadata:affected_product Linux, attack_target IoT, created_at 2020_06_11, cve CVE_2018_13023, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07, mitre_tactic_id
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 2
suricata·2018-08-22
CVE-2018-15533
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 2"; flow:established,to_server; http.uri; content:"/images/IOMemoryPool.png?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026010; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
No public exploits indexed.
Checkpoint
31st October – Threat Intelligence Report
blogs_checkpoint·2022-10-31
CVE-2022-3723
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers have used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint
10th October – Threat Intelligence Report
blogs_checkpoint·2022-10-10
CVE-2022-41352
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S. with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint
28th June – Threat Intelligence Report
blogs_checkpoint·2021-06-28
CVE-2021-21998
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russian-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent’s computer to steal information. Over half of the targets were