Lucene search

K
paloaltoPalo Alto Networks Product Security Incident Response TeamPA-CVE-2020-2003
HistoryMay 13, 2020 - 4:00 p.m.

PAN-OS: Authenticated administrator can delete arbitrary system file

2020-05-1316:00:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
37

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

35.0%

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.

This issue affects:
All versions of PAN-OS 7.1 and 8.0;
PAN-OS 8.1 versions before 8.1.14;
PAN-OS 9.0 versions before 9.0.7;
PAN-OS 9.1 versions before 9.1.1.

Work around:
This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

35.0%

Related for PA-CVE-2020-2003