CVE-2020-2034: OS Command Injection in Palo Alto Networks PAN-OS

Severity: 8.1 HIGH (NVD)
EPSS: 77.8% (top 1.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8 | Latest update May 24

Description

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all ver

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (3 packages)

NVD | paloaltonetworks/pan-os | 8.1.0 | 8.1.15 | +4
CVEListV5 | palo_alto_networks/pan-os | 9.1 | 9.1.3 | +4
Palo Alto | paloalto/pan-os

🔴 Vulnerability Details (3)

GHSA | GHSA-77qg-vcj7-f3hj: An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS comm | 2022-05-24
CVEList | PAN-OS: OS command injection vulnerability in GlobalProtect portal | 2020-07-08
VulnCheck | Palo Alto Networks PAN-OS Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 2020

📋 Vendor Advisories (1)

Palo Alto | PAN-OS: OS command injection vulnerability in GlobalProtect portal | 2020-07-08