CVE-2020-2007

🗓️ 13 May 2020 19:07:14Reported by palo_altoType

OS command injection vuln in PAN-OS mgmt server allows authenticated user to execute arbitrary commands with root privileges. Affects PAN-OS 7.1, 8.1 < 8.1.14, 9.0 < 9.0.7

Reporter	Title	Published	Views	Family All 8
CNVD	Palo Alto Networks PAN-OS Management Server Component Operating System Command Injection Vulnerability	14 May 202000:00	–	cnvd
Cvelist	CVE-2020-2007 PAN-OS: OS command injection in management server	13 May 202019:07	–	cvelist
EUVD	EUVD-2020-22035	7 Oct 202500:30	–	euvd
NVD	CVE-2020-2007	13 May 202019:15	–	nvd
OSV	CVE-2020-2007	13 May 202019:15	–	osv
Palo Alto Networks	PAN-OS: OS command injection in management server	13 May 202016:00	–	paloalto
Tenable Nessus	Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability	22 May 202000:00	–	nessus
Prion	Command injection	13 May 202019:15	–	prion

NVD

Vulners

Node

paloaltonetworks pan-osRange7.1.0–7.1.26

paloaltonetworks pan-osRange8.0.0–8.0.20

paloaltonetworks pan-osRange8.1.0–8.1.13

paloaltonetworks pan-osRange9.0.0–9.0.6

[
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "affected",
        "version": "7.1.*"
      },
      {
        "status": "affected",
        "version": "8.0.*"
      },
      {
        "changes": [
          {
            "at": "9.0.7",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.7",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "8.1.14",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.14",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2020-2007

21 Nov 2024 05:24Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.2

CVSS 29

EPSS0.03671

CWE-78