CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
Description
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic allows an unauthenticated user with network access to the PAN-OS management interface to write an attacker-supplied file on the system and elevate privileges.
This issue affects:
All PAN-OS 7.1 Panorama and 8.0 Panorama versions;
PAN-OS 8.1 versions earlier than 8.1.12 on Panorama;
PAN-OS 9.0 versions earlier than 9.0.6 on Panorama.
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 9.0 | < 9.0.6 | >= 9.0.6 |
PAN-OS 8.1 | < 8.1.12 | >= 8.1.12 |
PAN-OS 8.0 | 8.0.* | |
PAN-OS 7.1 | 7.1.* | |
Severity: HIGH
CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness Type
CWE-123 Write-what-where Condition
Solution
This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
Workarounds and Mitigations
This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.