CVE-2020-2040
published 2020-09-09CVE-2020-2040: A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.94%
89.1th percentile
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.15 | 8.1.15 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.9 | 9.0.9 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.3 | 9.1.3 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.15 | 8.1.15 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.9 | 9.0.9 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.3 | 9.1.3 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is exploitable only when Captive Portal or Multi-Factor Authentication (MFA) interface is enabled on PAN-OS; detection/hunting should focus on anomalous or malformed requests to those interfaces from unauthenticated sources. ↗
- →Palo Alto Networks Threat Prevention content update version 8317 contains signatures that block exploitation of CVE-2020-2040; verify content version is 8317 or later and signatures are enabled. ↗
- →Qualys QID 13975 (signature version VULNSIGS-2.4.986-2 and above, authenticated scan) detects CVE-2020-2040 on PAN-OS hosts. ↗
- →The vulnerability does NOT affect the GlobalProtect VPN or the PAN-OS management web interfaces; scope detection efforts to Captive Portal / MFA interfaces only. ↗
- ·PAN-OS 8.0 (all versions) is end-of-life and fully affected; no patched release exists for that branch — only mitigation via content update 8317 or upgrade to a supported branch. ↗
- ·The attack surface is conditional: the vulnerability is only present when Captive Portal or MFA interface is explicitly enabled in the PAN-OS configuration. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
vendor_paloalto·2020-09-09·CVSS 9.8
CVE-2020-2040 [CRITICAL] CWE-120 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.
This issue impacts:
All versions of PAN-OS 8.0;
PAN-OS 8.1 versions earlier than PAN-OS 8.1.15;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.9;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
This issue does not impact the GlobalProtect VPN or the PAN-OS management web interfaces.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.
All Prisma Access services are
GHSA
GHSA-pf79-9hv7-chg5: A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with r
ghsa_unreviewed·2022-05-24
CVE-2020-2040 [HIGH] GHSA-pf79-9hv7-chg5: A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with r
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
No detection rules found.
No public exploits indexed.
Tenable
One Year Later: What Can We Learn from Zerologon?
blogs_tenable·2021-08-11
One Year Later: What Can We Learn from Zerologon?
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
blogs_qualys·2020-09-22·CVSS 8.8
CVE-2020-2040 [HIGH] PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
## Table of Contents
DiscoverPAN-OS Buffer Overflow CVE-2020-2040 Vulnerability
On Sept 9, 2020, Palo Alto Networks published nine security bulletins addressing vulnerabilities in PAN-OS operating system versions 8.0 or later. One of the nine CVEs released, CVE-2020-2040 , received a critical severity rating score of 9.8 based on the CVSS v3 Scoring system.
PAN-OS devices are vulnerable to CVE-2020-2040, when a Captive Portal or multi-factor authentication interface is enabled. Once exploited, an unauthenticated user can gain root privileges by sending a malicious request to the PAN-OS device. This vulnerability is rated as critical mainly for two reasons. First, it doesn’t require any authentication; and second, it has the potential to disrupt system processes and execute arbitrary cod
Qualys
PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR® | Qualys
blogs_qualys·2020-09-22·CVSS 9.8
CVE-2020-2040 [CRITICAL] PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR® | Qualys
#### Table of Contents
- DiscoverPAN-OS Buffer Overflow CVE-2020-2040 Vulnerability
On Sept 9, 2020, Palo Alto Networks published nine security bulletins addressing vulnerabilities in PAN-OS operating system versions 8.0 or later. One of the nine CVEs released, CVE-2020-2040, received a critical severity rating score of 9.8 based on the CVSS v3 Scoring system.
PAN-OS devices are vulnerable to CVE-2020-2040, when a Captive Portal or multi-factor authentication interface is enabled. Once exploited, an unauthenticated user can gain root privileges by sending a malicious request to the PAN-OS device. This vulnerability is rated as critical mainly for two reasons. First, it doesn’t require any authentication; and second, it has the potential to disrupt system processes and execute arbitrary
Checkpoint
14th September – Threat Intelligence Bulletin
blogs_checkpoint·2020-09-14
CVE-2020-2040 14th September – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 14th September – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 14th September 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
US data center giant Equinix has been hit by the Netwalker ransomware. The threat actor demanded $4.5 million worth of bitcoin in exchange for decryption keys and to prevent release of stolen data. Also hit by Netwalker were Argentina’s immigration agency , and the largest power supplier in Pakistan, K-Electric
Tenable
CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
blogs_tenable·2020-09-10·CVSS 9.8
[CRITICAL] CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2020-09-09
Published