CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
Description
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled.
This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1.
Prisma Access services are not impacted by this vulnerability. Firewalls that were upgraded to the latest versions of PAN-OS to resolve CVE-2020-2021 are not vulnerable to this issue.
Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 9.1 | < 9.1.3 | >= 9.1.3 |
| PAN-OS 9.0 | < 9.0.9 | >= 9.0.9 |
| PAN-OS 8.1 | < 8.1.15 | >= 8.1.15 |
| PAN-OS 8.0 | 8.0.* | |
| PAN-OS 7.1 | 7.1.* |
Required Configuration for Exposure
This issue is applicable only where GlobalProtect portal is enabled.
Severity: HIGH
CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitation Status
Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.
Weakness Type
Solution
This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.
PAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies.
Workarounds and Mitigations
Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 58658 on traffic destined for the GlobalProtect portal will block attacks against CVE-2020-2034.