CVE-2020-2040

Description

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Palo Alto Networks / pan-os8.0.* – 8.0.*
Palo Alto Networks / pan-os9.0 – 9.0.9
Palo Alto Networks / pan-os9.1 – 9.1.3
Palo Alto Networks / pan-os8.1 – 8.1.15
Palo Alto Networks / pan-os10.0.0 – 10.0*

References

MISChttps://security.paloaltonetworks.com/CVE-2020-2040