Lucene search

Palo Alto Networks Product Security Incident Response TeamPA-CVE-2020-1994

HistoryMay 13, 2020 - 4:00 p.m.

PAN-OS: Predictable temporary file vulnerability

2020-05-1316:00:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.

This issue affects:
All versions of PAN-OS 7.1 and 8.0;
PAN-OS 8.1 versions earlier than 8.1.13;
PAN-OS 9.0 versions earlier than 9.0.7.

Work around:
No work around available.

CPENameOperatorVersion
pan-oslt8.1.13
pan-oslt9.0.7
pan-oseq7.1.*
pan-oseq8.0.*

Name	Operator	Version
pan-os	lt	8.1.13
pan-os	lt	9.0.7
pan-os	eq	7.1.*
pan-os	eq	8.0.*

References

security.paloaltonetworks.com/CVE-2020-1994

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for PA-CVE-2020-1994