Palo Alto Networks Security Advisories / CVE-2020-10188

CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)

047910
Severity 8.1 · HIGH
Attack Vector NETWORK
Attack Complexity HIGH
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Description

A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.

The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.

This issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.

Product Status

VersionsAffectedUnaffected
PAN-OS 10.1None10.1.*
PAN-OS 10.0< 10.0.6>= 10.0.6
PAN-OS 9.1< 9.1.9>= 9.1.9
PAN-OS 9.0< 9.0.14>= 9.0.14
PAN-OS 8.1< 8.1.20>= 8.1.20

Required Configuration for Exposure

This issue is exploitable only if the Telnet service is enabled and is accessible to attackers.

Severity: HIGH

CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue targeting Palo Alto Networks products.

Weakness Type

CWE-120 Buffer Overflow

Solution

This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.6, and all later PAN-OS versions.

Workarounds and Mitigations

Disabling the Telnet-based administrative management service completely eliminates risks of exploitation of this issue.

This issue requires the attacker to have network access to the PAN-OS Telnet interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

If the Telnet-based administrative management service is required and you cannot immediately upgrade your PAN-OS software, enable signatures for Unique Threat ID 59125 on traffic destined for the Telnet interface to block attacks against CVE-2020-10188.

Acknowledgments

This issue was found by an external researcher in the upstream Telnet code.

Timeline

Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.