CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.
This issue impacts:
All versions of PAN-OS 8.0;
PAN-OS 8.1 versions earlier than PAN-OS 8.1.15;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.9;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
This issue does not impact the GlobalProtect VPN or the PAN-OS management web interfaces.
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 10.0 | None | >= 10.0.0 |
| PAN-OS 9.1 | < 9.1.3 | >= 9.1.3 |
| PAN-OS 9.0 | < 9.0.9 | >= 9.0.9 |
| PAN-OS 8.1 | < 8.1.15 | >= 8.1.15 |
Required Configuration for Exposure
This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured as per https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.
This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.
All Prisma Access services are now upgraded to resolve this issue and are no longer vulnerable.
PAN-OS 7.1 and 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.
Workarounds and Mitigations
Until PAN-OS software is upgraded to a fixed version, enabling signatures in content update version 8317 will block attacks against CVE-2020-2040.
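The following triage sketch is an added example, not part of the advisory or any Palo Alto Networks tooling. It combines the affected-version ranges, the exposure condition (Captive Portal or MFA) and the content update mitigation into one classification per device. The record fields, status labels and sample inventory are constructed for illustration, and it assumes content releases later than 8317 keep the same signatures.

```python
import re

# Fixed patch level per branch, from the advisory's version table.
FIXED_PATCH = {(8, 1): 15, (9, 0): 9, (9, 1): 3}
# Content update that carries the blocking signatures (later releases assumed to keep them).
SIGNATURE_CONTENT = 8317

def parse_version(sw_version):
    """Split '9.0.9-h1' into (9, 0, 9); a hotfix suffix does not change the branch check."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", sw_version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {sw_version!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(sw_version):
    """True/False per the advisory; None for a branch the advisory does not list."""
    major, minor, patch = parse_version(sw_version)
    if (major, minor) == (8, 0):
        return True  # all PAN-OS 8.0 versions are affected
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    if (major, minor) >= (10, 0):
        return False  # 10.0.0 and later are unaffected
    return None  # e.g. 7.1: end-of-life, no affected range given

def triage(sw_version, captive_portal, mfa, content_version, signatures_enabled):
    """Classify one device record (hypothetical fields) against CVE-2020-2040."""
    affected = version_affected(sw_version)
    if affected is None:
        return "unassessed-branch"
    if not affected:
        return "fixed"
    if not (captive_portal or mfa):
        return "affected-version-not-exposed"
    if signatures_enabled and content_version >= SIGNATURE_CONTENT:
        return "exposed-signature-mitigated"
    return "exposed-upgrade-required"

# Constructed inventory: (name, version, captive portal, MFA, content version, signatures on)
INVENTORY = [
    ("fw-edge-1", "9.0.8", True, False, 8300, True),
    ("fw-edge-2", "9.1.2-h1", False, True, 8317, True),
    ("fw-lab-1", "8.1.14", False, False, 8317, True),
    ("fw-dc-1", "9.0.9-h1", True, True, 8290, False),
]

if __name__ == "__main__":
    for name, *record in INVENTORY:
        print(f"{name}: {triage(*record)}")
```

A device reported as "exposed-signature-mitigated" or "affected-version-not-exposed" still runs an affected release and remains in the upgrade queue.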
Frequently Asked Questions
Q. Has this been exploited in the wild?
This issue was discovered during internal security review. No evidence of active exploitation has been identified as of this time.
Q. Are there any indicators of compromise or breach due to this vulnerability?