CVE-2020-2041 — Palo Alto Networks Pan-os vulnerability

CWE-164 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 19.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedSep 9

Latest updateMay 24

Description

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.16+1

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.16+1

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-6895-cxrm-x3p4: An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8↗2022-05-24

▶

CVEList

PAN-OS: Management web interface denial-of-service (DoS)↗2020-09-09

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Management web interface denial-of-service (DoS)↗2020-09-09

▶