Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-1978
HistoryApr 08, 2020 - 7:15 p.m.

CVE-2020-1978

2020-04-0819:15:13
CWE-255
CWE-522
[email protected]
web.nvd.nist.gov
22
palo alto networks
vm series
microsoft azure
ha
security
azure dashboard
credentials
vulnerability
nvd
cve-2020-1978

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.

Affected configurations

NVD
Node
paloaltonetworksvm-seriesRange1.0–1.0.9azure
OR
paloaltonetworkspan-osMatch9.0.0

CNA Affected

[
  {
    "platforms": [
      "Microsoft Azure"
    ],
    "product": "VM-Series Plugin",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
paloalto 1
prion 1
cvelist 1
nvd
nvd
CVE-2020-1978
2020-04-08 19:15:13
paloalto
paloalto
VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs
2020-04-08 16:00:00
prion
prion
Command injection
2020-04-08 19:15:00
cvelist
cvelist
CVE-2020-1978 VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs
2020-04-08 00:00:00

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2020-1978
nvd1paloalto1prion1cvelist1