CVE-2020-2039
Published 2020-09-09
Priority P3 · 47 · medium · 5.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 46.38% (98.7th percentile)
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
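The bug class here is a temp-file leak: each request spools its upload to disk, nothing removes the file once the request completes, and an unauthenticated caller can therefore fill the partition by looping. The following Python is an added illustration of that class beside its hardened form; it is not PAN-OS code, says nothing about how the PAN-OS management interface is implemented, and the handler names, the per-request cap and the simulated 16 KiB disk budget are assumptions.

```python
"""Temp-file leak (CWE-400) on an upload endpoint: a leaky handler beside a
hardened one, driven against a simulated disk budget.

Added illustration of the vulnerability class described by CVE-2020-2039.
Not PAN-OS code; the handler names, thresholds and disk budget are assumptions.
"""
import os
import shutil
import tempfile


class DiskFull(Exception):
    """Raised when the simulated partition has no room for another upload."""


def _bytes_in(directory: str) -> int:
    """Total size of the files currently held in ``directory``."""
    return sum(os.path.getsize(os.path.join(directory, name))
               for name in os.listdir(directory))


def leaky_upload(spool_dir: str, payload: bytes, disk_budget: int) -> None:
    """Vulnerable pattern: the body is spooled to a temp file that is never
    removed, so every request permanently consumes len(payload) bytes."""
    if _bytes_in(spool_dir) + len(payload) > disk_budget:
        raise DiskFull("spool partition exhausted")
    fd, path = tempfile.mkstemp(dir=spool_dir)   # assumption: one temp file per request
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    # ... request handled here ...
    # BUG: no os.remove(path); the temp file outlives the request.


def hardened_upload(spool_dir: str, payload: bytes, disk_budget: int,
                    authenticated: bool, max_upload: int = 1 << 20) -> None:
    """Hardened pattern: refuse unauthenticated callers before touching disk,
    cap the per-request size, and guarantee cleanup with try/finally."""
    if not authenticated:
        raise PermissionError("upload requires an authenticated session")
    if len(payload) > max_upload:
        raise ValueError("upload exceeds per-request limit")
    if _bytes_in(spool_dir) + len(payload) > disk_budget:
        raise DiskFull("spool partition exhausted")
    fd, path = tempfile.mkstemp(dir=spool_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        # ... request handled here ...
    finally:
        os.remove(path)   # the temp file never outlives the request


def requests_until_exhaustion(handler, payload: bytes, disk_budget: int,
                              limit: int = 10_000, **kw) -> int:
    """Feed ``handler`` identical uploads and return how many succeeded before
    the simulated disk filled (``limit`` if it never did)."""
    spool = tempfile.mkdtemp()
    try:
        for n in range(limit):
            try:
                handler(spool, payload, disk_budget, **kw)
            except DiskFull:
                return n
        return limit
    finally:
        shutil.rmtree(spool)


if __name__ == "__main__":
    body = b"A" * 1024            # constructed 1 KiB upload
    budget = 16 * 1024            # assumption: 16 KiB of free spool space
    print("leaky handler:", requests_until_exhaustion(leaky_upload, body, budget))
    print("hardened handler:",
          requests_until_exhaustion(hardened_upload, body, budget,
                                    limit=100, authenticated=True))
```

With a 16 KiB budget the leaky handler accepts sixteen 1 KiB uploads and then fails every subsequent request, which is the availability impact the description refers to; the hardened handler frees its file on every path out of the request, so repeated uploads never accumulate. The authentication check matters as much as the cleanup: an upload endpoint reachable without a session gives an attacker unlimited attempts.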
Affected (9 ranges, indexed under three vendor slugs; the `paloalto` row carries no version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0 < 10.0.1 | 10.0.1 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.16 | 8.1.16 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.10 | 9.0.10 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.4 | 9.1.4 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.1 | 10.0.1 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.16 | 8.1.16 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.10 | 9.0.10 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.4 | 9.1.4 |
CVSS provenance
NVD v3.1: 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:N/A:P
GHSA
GHSA-x42c-7gjh-r9fx · ghsa_unreviewed · 2022-05-24 · MEDIUM
Advisory text is identical to the CVE description above, including the same four affected version ranges.
Palo Alto
PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload
vendor_paloalto · 2020-09-09 · CVSS 5.3 · MEDIUM · CWE-400
Description: matches the CVE text above (uncontrolled resource consumption; unauthenticated upload of temporary files through the management web interface that are not deleted after the request, allowing disk exhaustion).
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.
Workaround: Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59957 on traffic destined for the Global
No detection rules found.
No public exploits indexed.
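The page indexes no detection rule for this issue. As an added example (not a published rule and not the vendor's Threat ID 59957 signature), the following Python applies the obvious telemetry angle to the attack pattern above: a sliding window per source IP over POSTs to the management upload path, alerting on request count or cumulative body bytes. The sample log lines are constructed in the Apache/Nginx combined-log layout, not a PAN-OS log format, and the upload path, window and thresholds are assumptions.

```python
"""Sliding-window burst detector for repeated uploads to a management
web interface.

Added example: not a published detection rule for CVE-2020-2039 and not a
PAN-OS log format. Sample lines are constructed in the Apache/Nginx
combined-log layout; the upload path (/mgmt/upload), window and thresholds
are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, second, method, path, size):
    """Build one constructed combined-log line at 10:00:<second> UTC."""
    return (f'{ip} - - [09/Sep/2020:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 {size}')


# Constructed sample: twelve 1 MiB uploads from one source in 24 seconds,
# two small uploads from an admin, and an unrelated GET.
SAMPLE_LOG = (
    [_line("203.0.113.7", 2 * i, "POST", "/mgmt/upload", 1 << 20) for i in range(12)]
    + [_line("198.51.100.5", 5, "POST", "/mgmt/upload", 4096),
       _line("198.51.100.5", 40, "POST", "/mgmt/upload", 4096),
       _line("192.0.2.9", 7, "GET", "/login", 512)]
)


def parse(line):
    """Return (ip, timestamp, method, path, size), or None for a line that
    does not match the combined-log layout."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"], size


def detect_upload_bursts(lines, path_prefix="/mgmt/upload", window_s=60,
                         max_requests=10, max_bytes=64 << 20):
    """Flag a source the first time its POSTs under ``path_prefix`` within the
    trailing ``window_s`` seconds reach ``max_requests`` or ``max_bytes``.
    Counting bytes as well as requests catches a few very large uploads,
    which exhaust disk just as surely as many small ones."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, body bytes)
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, size = rec
        if method != "POST" or not path.startswith(path_prefix):
            continue
        q = recent[ip]
        q.append((ts, size))
        while (ts - q[0][0]).total_seconds() > window_s:   # expire old entries
            q.popleft()
        count, total = len(q), sum(s for _, s in q)
        if ip not in alerted and (count >= max_requests or total >= max_bytes):
            alerted.add(ip)
            alerts.append({"ip": ip, "requests": count, "bytes": total,
                           "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_upload_bursts(SAMPLE_LOG):
        print(alert)
```

On the constructed sample only 203.0.113.7 is flagged, at its tenth upload; the admin's two requests forty seconds apart never reach either threshold. The detector assumes lines arrive in timestamp order per source, which is true of a single server log but worth enforcing with a sort when several logs are merged.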
Qualys
PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
blogs_qualys · 2020-09-22 · CVSS 8.8 · CVE-2020-2040 [HIGH] (this post concerns CVE-2020-2040, a different issue from the same 9 September 2020 PAN-OS bulletin batch, not CVE-2020-2039)
On Sept 9, 2020, Palo Alto Networks published nine security bulletins addressing vulnerabilities in PAN-OS operating system versions 8.0 or later. One of the nine CVEs released, CVE-2020-2040, received a critical severity rating score of 9.8 based on the CVSS v3 scoring system.
PAN-OS devices are vulnerable to CVE-2020-2040 when a Captive Portal or multi-factor authentication interface is enabled. Once exploited, an unauthenticated user can gain root privileges by sending a malicious request to the PAN-OS device. This vulnerability is rated as critical mainly for two reasons. First, it doesn't require any authentication; and second, it has the potential to disrupt system processes and execute arbitrary cod
Tenable
CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
blogs_tenable · 2020-09-10 · CVSS 9.8 · [CRITICAL] (this post concerns CVE-2020-2040, not CVE-2020-2039)