Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
Bridgecrew
1
Bridgecrew Checkov
2
CloudGenix
2
Cortex Data Lake
1
Cortex XDR Agent
9
Cortex XSOAR
9
Cortex XSOAR PowerShell Image
1
Cortex Xpanse
1
Demisto
1
Enterprise Data Loss Prevention
1
Exact Data Matching CLI
1
Expedition
7
GlobalProtect App
20
IoT Security
1
MineMeld
1
NetConnect
1
Okyo Garde
1
PAN-DB Private Cloud
1
PAN-OS
210
PAN-OS for Firewall and Wildfire
1
PAN-OS for Panorama
1
Prisma Access
10
Prisma Cloud
1
Prisma Cloud Compute
5
Prisma SD-WAN (CloudGenix)
1
SaaS Security
1
Secdo
3
Terminal Server Agent
4
Traps
3
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID Agent
3
VM-Series Plugin
1
WildFire Appliance
4
WildFire Cloud
3
Zingbox Inspector
11
Clear
Found 9
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
9.8
N
CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
>= 10.0.0
>= 9.1.3
>= 9.0.9
>= 8.1.15
none
2020-09-09
2020-09-10
8.8
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 9.0.9
< 8.1.16
>= 10.0.0
>= 9.1.0
>= 9.0.9
>= 8.1.16
2020-09-09
2021-02-12
7.5
N
CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS)
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
none
none
< 8.1.16
8.0.*
10.0.*
9.1.*
9.0.*
>= 8.1.16
none
2020-09-09
2020-09-09
7.2
CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
none
none
none
>= 10.0.1
9.1.*
9.0.*
8.1.*
2020-09-09
2020-09-09
7.2
CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 9.1.3
< 9.0.10
< 8.1.16
>= 10.0.0
>= 9.1.3
>= 9.0.10
>= 8.1.16
2020-09-09
2021-02-12
7.2
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.4
< 9.0.10
none
>= 10.0.1
>= 9.1.4
>= 9.0.10
8.1.*
2020-09-09
2021-02-12
5.3
N
CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.4
< 9.0.10
< 8.1.16
>= 10.0.1
>= 9.1.4
>= 9.0.10
>= 8.1.16
2020-09-09
2021-02-12
3.3
CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 9.1.4
< 9.0.10
< 8.1.16
>= 10.0.0
>= 9.1.4
>= 9.0.10
>= 8.1.16
2020-09-09
2020-09-09
3.3
CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
< 9.1.3
< 9.0.10
< 8.1.16
8.0.*
>= 9.1.3
>= 9.0.10
>= 8.1.16
none
2020-09-09
2020-09-09
Download
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.