CVE-2020-2041
published 2020-09-09CVE-2020-2041: An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.14%
79.7th percentile
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.16 | 8.1.16 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.16 | 8.1.16 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Management web interface denial-of-service (DoS)
vendor_paloalto·2020-09-09·CVSS 7.5
CVE-2020-2041 [HIGH] CWE-16 PAN-OS: Management web interface denial-of-service (DoS)
PAN-OS: Management web interface denial-of-service (DoS)
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.
This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.16 and all later PAN-OS versions.
PAN-OS 7.1 and PAN-OS 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.
Workaround: This issue impacts the management web interface of PA
GHSA
GHSA-6895-cxrm-x3p4: An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8
ghsa_unreviewed·2022-05-24
CVE-2020-2041 [HIGH] GHSA-6895-cxrm-x3p4: An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.
No detection rules found.
No public exploits indexed.
Qualys
PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
blogs_qualys·2020-09-22·CVSS 8.8
CVE-2020-2040 [HIGH] PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
## Table of Contents
DiscoverPAN-OS Buffer Overflow CVE-2020-2040 Vulnerability
On Sept 9, 2020, Palo Alto Networks published nine security bulletins addressing vulnerabilities in PAN-OS operating system versions 8.0 or later. One of the nine CVEs released, CVE-2020-2040 , received a critical severity rating score of 9.8 based on the CVSS v3 Scoring system.
PAN-OS devices are vulnerable to CVE-2020-2040, when a Captive Portal or multi-factor authentication interface is enabled. Once exploited, an unauthenticated user can gain root privileges by sending a malicious request to the PAN-OS device. This vulnerability is rated as critical mainly for two reasons. First, it doesn’t require any authentication; and second, it has the potential to disrupt system processes and execute arbitrary cod
Tenable
CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
blogs_tenable·2020-09-10·CVSS 9.8
[CRITICAL] CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2020-09-09
Published