Skip to main content

Palo Alto Products Multiple Vulnerabilities

Last Update Date: 19 May 2020 Release Date: 15 May 2020 5607 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Palo Alto Products, a remote user could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege, bypass security restriction and sensitive information disclosure on the targeted system.


Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Nginx (CVE-2017-7529)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.13;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

 

  • Panorama management service (CVE-2020-2012)
    PAN-OS for Panorama 8.1 versions earlier than 8.1.13;
    PAN-OS for Panorama 9.0 versions earlier than 9.0.7;
    All versions of PAN-OS for Panorama 7.1 and 8.0.

 

  • Panorama proxy service (CVE-2020-2018)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.12;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

 

  • Panorama management server (CVE-2020-1996)
    PAN-OS 8.1 versions earlier than 8.1.14;
    PAN-OS 9.0 versions earlier than 9.0.9;
    All versions of PAN-OS 7.1 and 8.0.

 

  • PAN-OS (CVE-2020-2001)
    PAN-OS 8.1 versions earlier than 8.1.12 on Panorama;
    PAN-OS 9.0 versions earlier than 9.0.6 on Panorama;
    All PAN-OS 7.1 Panorama and 8.0 Panorama versions.

 

  • PAN-OS (CVE-2020-2018)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.12;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

 

  • PAN-OS (CVE-2020-1997)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.0 versions earlier than 8.0.14.

 

  • PAN-OS (CVE-2020-2016)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.13;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor. For detail, please refer to the link below:

 

 

 

 

 

 

 


Vulnerability Identifier


Source


Related Link