Lucene search

[email protected]CVE-2020-2039

HistorySep 09, 2020 - 5:15 p.m.

CVE-2020-2039

2020-09-0917:15:25

CWE-400

[email protected]

web.nvd.nist.gov

palo alto networks

pan-os

cve-2020-2039

vulnerability

resource consumption

web interface

availability disruption

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Affected configurations

NVD

Node

paloaltonetworkspan-osRange8.1.0–8.1.16

paloaltonetworkspan-osRange9.0.0–9.0.10

paloaltonetworkspan-osRange9.1.0–9.1.4

paloaltonetworkspan-osRange10.0.0–10.0.1

CPENameOperatorVersion
paloaltonetworks:pan-ospaloaltonetworks pan-oslt8.1.16
paloaltonetworks:pan-ospaloaltonetworks pan-oslt9.0.10
paloaltonetworks:pan-ospaloaltonetworks pan-oslt9.1.4
paloaltonetworks:pan-ospaloaltonetworks pan-oslt10.0.1

CPE	Name	Operator	Version
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	8.1.16
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	9.0.10
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	9.1.4
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	10.0.1

CNA Affected

[
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "9.1.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.4",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "8.1.16",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.16",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.10",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.10",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.0.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.1",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2020-2039

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2020-2039

cvelist1 nessus1 prion1 paloalto1 nvd1 qualysblog1