Lucene search

K
cvelistPalo_altoCVELIST:CVE-2020-2003
HistoryMay 13, 2020 - 12:00 a.m.

CVE-2020-2003 PAN-OS: Authenticated administrator can delete arbitrary system file

2020-05-1300:00:00
CWE-73
palo_alto
www.cve.org
1

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

35.0%

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1.

CNA Affected

[
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "affected",
        "version": "7.1.*"
      },
      {
        "status": "affected",
        "version": "8.0.*"
      },
      {
        "changes": [
          {
            "at": "8.1.14",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.14",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.7",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.7",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.1",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

35.0%

Related for CVELIST:CVE-2020-2003