cbcvebase.
CVE-2020-2018
published 2020-05-13

CVE-2020-2018: An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to…

PriorityP260critical9CVSS 3.1
AVNACHPRNUINSCCHIHAH
EPSS
1.32%
67.4th percentile
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.

Affected

12 ranges
VendorProductVersion rangeFixed in
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccm1_gnutls_3.6.14-6_on_cbl_mariner_1.0
palo_alto_networkspan-os
palo_alto_networkspan-os>= 7.1 < 7.1.267.1.26
palo_alto_networkspan-os>= 8.1 < 8.1.128.1.12
palo_alto_networkspan-os>= 9.0 < 9.0.69.0.6
paloaltopan-os
paloaltonetworkspan-os>= 7.1.0 < 7.1.267.1.26
paloaltonetworkspan-os8.0.0 – 8.0.20
paloaltonetworkspan-os>= 8.1.0 < 8.1.128.1.12
paloaltonetworkspan-os>= 9.0.0 < 9.0.69.0.6

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability targets the Panorama context switching feature — monitor for unexpected context switches or privileged access to managed firewalls originating from the Panorama management interface without corresponding authenticated sessions.
  • Restrict and monitor network access to the Panorama management interface; any inbound connections from untrusted or unexpected sources to this interface should be treated as high-priority alerts.
  • Audit whether Panorama is using custom certificates for Panorama-to-managed-device communication; absence of custom certificates indicates the environment is vulnerable and exploitation cannot be ruled out.
  • ·Panorama instances configured with custom certificates authentication between Panorama and managed devices are NOT affected by this vulnerability — verify this configuration before treating an instance as vulnerable.
  • ·Affected PAN-OS version ranges: 7.1 < 7.1.26, 8.1 < 8.1.12, 9.0 < 9.0.6, and ALL versions of PAN-OS 8.0 (EOL). Upgrading Panorama alone to a fixed version is sufficient to resolve the issue.
  • ·PAN-OS 8.0 is end-of-life and will not receive a patch; all 8.0 deployments remain permanently vulnerable unless upgraded or the custom-certificate workaround is applied.

CVSS provenance

nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.4HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.