{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2020-2012","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:52:06.347Z","generator":{"date":"2026-04-11T00:52:06.347Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2020-2012","initial_release_date":"2020-05-13T16:00:00.000Z","revision_history":[{"number":"1","date":"2020-05-13T09:00:00.000Z","summary":"Initial publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2020-2012","product_status":{"fixed":["PANW-PAN-OS-331","PANW-PAN-OS-332"],"known_affected":["PANW-PAN-OS-313","PANW-PAN-OS-318","PANW-PAN-OS-331","PANW-PAN-OS-332"],"known_not_affected":["PANW-PAN-OS-325"]},"notes":[{"category":"description","text":"Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n"}],"references":[{"category":"external","summary":"NVD - CVE-2020-2012","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2012"},{"category":"self","summary":"Palo Alto Networks Security Advisory \nCVE-2020-2012","url":"https://security.paloaltonetworks.com/CVE-2020-2012"}],"threats":[{"category":"impact","description":"Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n"}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"products":["PANW-PAN-OS-313","PANW-PAN-OS-318","PANW-PAN-OS-331","PANW-PAN-OS-332"]}]}]}