CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
Description
A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.
The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.
This issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 10.1 | None | 10.1.* |
| PAN-OS 10.0 | < 10.0.6 | >= 10.0.6 |
| PAN-OS 9.1 | < 9.1.9 | >= 9.1.9 |
| PAN-OS 9.0 | < 9.0.14 | >= 9.0.14 |
| PAN-OS 8.1 | < 8.1.20 | >= 8.1.20 |
Required Configuration for Exposure
This issue is exploitable only if the Telnet service is enabled and is accessible to attackers.
Severity: HIGH
CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue targeting Palo Alto Networks products.
Weakness Type
Solution
This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.6, and all later PAN-OS versions.
Workarounds and Mitigations
Disabling the Telnet-based administrative management service completely eliminates risks of exploitation of this issue.
This issue requires the attacker to have network access to the PAN-OS Telnet interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
If the Telnet-based administrative management service is required and you cannot immediately upgrade your PAN-OS software, enable signatures for Unique Threat ID 59125 on traffic destined for the Telnet interface to block attacks against CVE-2020-10188.