Palo Alto Networks Security Advisories / CVE-2020-2006

CVE-2020-2006 PAN-OS: Buffer overflow in management server payload parser


047910
Severity 7.2 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required HIGH
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
NVD JSON
Published 2020-05-13
Updated 2020-05-13
Reference PAN-100855
Discovered internally

Description

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.

This issue affects:

All versions of PAN-OS 7.1 and 8.0;

PAN-OS 8.1 versions earlier than 8.1.14.

Product Status

VersionsAffectedUnaffected
PAN-OS 8.1< 8.1.14>= 8.1.14
PAN-OS 8.08.0.*
PAN-OS 7.17.1.*

Severity: HIGH

CVSSv3.1 Base Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-121 Stack-based Buffer Overflow

Solution

This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.

PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.

PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.

Workarounds and Mitigations

This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.

Acknowledgments

Palo Alto Networks thanks Jin Chen of Palo Alto Networks for discovering and reporting this issue.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.