CVE-2020-2039Uncontrolled Resource Consumption in Palo Alto Networks Pan-os

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
11.2%
top 6.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedSep 9
Latest updateMay 24

Description

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earli

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.16+3
CVEListV5palo_alto_networks/pan-os9.19.1.4+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-x42c-7gjh-r9fx: An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files thr2022-05-24
CVEList
PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload2020-09-09

📋Vendor Advisories

1
Palo Alto
PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload2020-09-09
CVE-2020-2039 — Uncontrolled Resource Consumption | cvebase