ID CVE-2020-2009 Type cve Reporter cve@mitre.org Modified 2020-05-19T14:10:00
Description
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
{"id": "CVE-2020-2009", "bulletinFamily": "NVD", "title": "CVE-2020-2009", "description": "An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.", "published": "2020-05-13T19:15:00", "modified": "2020-05-19T14:10:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2009", "reporter": "cve@mitre.org", "references": ["https://security.paloaltonetworks.com/CVE-2020-2009"], "cvelist": ["CVE-2020-2009"], "type": "cve", "lastseen": "2020-12-09T22:03:10", "edition": 7, "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "paloalto", "idList": ["PA-CVE-2020-2009"]}, {"type": "nessus", "idList": ["PALO_ALTO_CVE-2020-2009.NASL"]}], "modified": "2020-12-09T22:03:10", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-09T22:03:10", "rev": 2}, "vulnersScore": 5.2}, "cpe": ["cpe:/o:paloaltonetworks:pan-os:9.0.6", "cpe:/o:paloaltonetworks:pan-os:7.1.26", "cpe:/o:paloaltonetworks:pan-os:8.0.20", "cpe:/o:paloaltonetworks:pan-os:8.1.13"], "affectedSoftware": [{"cpeName": "paloaltonetworks:pan-os", "name": "paloaltonetworks pan-os", "operator": "le", "version": "9.0.6"}, {"cpeName": "paloaltonetworks:pan-os", "name": "paloaltonetworks pan-os", "operator": "le", "version": "7.1.26"}, {"cpeName": "paloaltonetworks:pan-os", "name": "paloaltonetworks pan-os", "operator": "le", "version": "8.1.13"}, {"cpeName": "paloaltonetworks:pan-os", "name": "paloaltonetworks pan-os", "operator": "le", "version": "8.0.20"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:paloaltonetworks:pan-os:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:8.1.13:*:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:7.1.26:*:*:*:*:*:*:*"], "cwe": ["CWE-610"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:*:*:*:*:*:*:*", "versionEndIncluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:8.0.20:*:*:*:*:*:*:*", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:7.1.26:*:*:*:*:*:*:*", "versionEndIncluding": "7.1.26", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:8.1.13:*:*:*:*:*:*:*", "versionEndIncluding": "8.1.13", "versionStartIncluding": "8.1.0", "vulnerable": true}], "operator": "OR"}]}}
{"paloalto": [{"lastseen": "2020-12-24T13:20:56", "bulletinFamily": "software", "cvelist": ["CVE-2020-2009"], "description": "An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions.\n\n**Work around:**\nThis issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com", "edition": 3, "modified": "2020-05-13T16:00:00", "published": "2020-05-13T16:00:00", "id": "PA-CVE-2020-2009", "href": "https://securityadvisories.paloaltonetworks.com/CVE-2020-2009", "title": "PAN-OS: Panorama SD WAN arbitrary file creation", "type": "paloalto", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-10-14T08:51:52", "description": "The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.14 or 8.0.x prior to 8.1.14 or\n8.1.x prior to 8.1.14 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability.\n\n - An external control of filename vulnerability in the SD\n WAN component of Palo Alto Networks PAN-OS Panorama\n allows an authenticated administrator to send a request\n that results in the creation and write of an arbitrary\n file on all firewalls managed by the Panorama. In some\n cases this results in arbitrary code execution with root\n permissions. This issue affects: All versions of PAN-OS\n 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0\n versions earlier than 9.0.7. (CVE-2020-2009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-22T00:00:00", "title": "Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-2009"], "modified": "2020-05-22T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_CVE-2020-2009.NASL", "href": "https://www.tenable.com/plugins/nessus/136811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136811);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/13\");\n\n script_cve_id(\"CVE-2020-2009\");\n script_xref(name:\"IAVA\", value:\"2020-A-0222-S\");\n\n script_name(english:\"Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PAN-OS host is affected by vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.14 or 8.0.x prior to 8.1.14 or\n8.1.x prior to 8.1.14 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability.\n\n - An external control of filename vulnerability in the SD\n WAN component of Palo Alto Networks PAN-OS Panorama\n allows an authenticated administrator to send a request\n that results in the creation and write of an arbitrary\n file on all firewalls managed by the Panorama. In some\n cases this results in arbitrary code execution with root\n permissions. This issue affects: All versions of PAN-OS\n 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0\n versions earlier than 9.0.7. (CVE-2020-2009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.paloaltonetworks.com/CVE-2020-2009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/73.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PAN-OS 8.1.14 / 8.1.14 / 8.1.14 / 9.0.7 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2009\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(73);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\", \"Host/Palo_Alto/Firewall/Source\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::palo_alto::initialize();\n\napp_name = 'Palo Alto Networks PAN-OS';\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');\n\nconstraints = [\n { 'min_version' : '7.1.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '8.1.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '9.0.0', 'fixed_version' : '9.0.7' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}
