Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-2038OS Command Injection in Palo Alto Networks Pan-os

CWE-78OS Command Injection6 documents6 sources
Severity
7.2HIGHNVD
EPSS
88.0%
top 0.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedSep 9
Latest updateAug 31

Description

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

NVDpaloaltonetworks/pan-os9.0.09.0.10+2
CVEListV5palo_alto_networks/pan-os10.010.0.1+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-qq25-3qfm-wpjj: An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands wit2022-05-24
CVEList
PAN-OS: OS command injection vulnerability in the management web interface2020-09-09

💥Exploits & PoCs

1
Exploit-DB
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)2022-08-09

🔍Detection Rules

1
Suricata
ET EXPLOIT PAN-OS OS Command Injecton Attempt Inbound (CVE-2020-2038)2022-08-31

📋Vendor Advisories

1
Palo Alto
PAN-OS: OS command injection vulnerability in the management web interface2020-09-09
CVE-2020-2038 — OS Command Injection in Palo | cvebase