{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Threat signatures are evaded by specifically crafted packets"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2020-1999","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:52:03.373Z","generator":{"date":"2026-04-11T00:52:03.373Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2020-1999","initial_release_date":"2020-11-11T17:00:00.000Z","revision_history":[{"number":"1","date":"2020-11-11T09:00:00.000Z","summary":"Initial publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2020-1999","product_status":{"fixed":["PANW-PAN-OS-282","PANW-PAN-OS-319","PANW-PAN-OS-314"],"known_affected":["PANW-PAN-OS-318","PANW-PAN-OS-313","PANW-PAN-OS-282","PANW-PAN-OS-319","PANW-PAN-OS-314"],"known_not_affected":["PANW-PAN-OS-281"]},"notes":[{"category":"description","text":"A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets.\n\nThis CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an attacker access resources blocked by firewall policies and it has no impact on the service availability. There could be an impact on the accuracy of firewall threat prevention with some signatures, but there is no impact on the integrity of other security features."}],"references":[{"category":"external","summary":"NVD - CVE-2020-1999","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1999"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2020-1999","url":"https://security.paloaltonetworks.com/CVE-2020-1999"}],"threats":[{"category":"impact","description":"A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets.\n\nThis CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an attacker access resources blocked by firewall policies and it has no impact on the service availability. There could be an impact on the accuracy of firewall threat prevention with some signatures, but there is no impact on the integrity of other security features."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"products":["PANW-PAN-OS-318","PANW-PAN-OS-313","PANW-PAN-OS-282","PANW-PAN-OS-319","PANW-PAN-OS-314"]}]}]}