On November 11, 2020, Palo Alto Networks released advisories addressing several vulnerabilities in PAN-OS. These vulnerabilities are of High and Medium severity.
About the security bugs
- CVE-2020-2048: System proxy passwords may be logged in clear text while viewing system state
  This issue is addressed in PAN-140157. An information disclosure through log file vulnerability exists where the password for the configured system proxy server may be displayed in cleartext when using the CLI in PAN-OS.
  Vulnerable Versions:
  PAN-OS 8.1 versions prior to PAN-OS 8.1.17
  PAN-OS 9.0 versions prior to PAN-OS 9.0.11
  PAN-OS 9.1 versions prior to PAN-OS 9.1.2
  Patched Versions:
  Customers are advised to patch their vulnerable assets with the recently released PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.2, and all later PAN-OS versions.
- CVE-2020-1999: Threat signatures are evaded by specifically crafted packets
  This issue is addressed in PAN-145133. A vulnerability exists in the threat signatures detection engine that allows attackers to communicate with devices in the network through specifically crafted TCP packets.
  Vulnerable Versions:
  PAN-OS 8.1 versions prior to PAN-OS 8.1.17
  PAN-OS 9.0 versions prior to PAN-OS 9.0.11
  PAN-OS 9.1 versions prior to PAN-OS 9.1.5
  All versions of PAN-OS 7.1 and PAN-OS 8.0
  Patched Versions:
  Customers are advised to patch their vulnerable assets with the recently released PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.
- CVE-2020-2000: OS command injection and memory corruption vulnerability
  This issue is addressed in PAN-149822, PAN-150013, and PAN-150170. An OS command injection and memory corruption vulnerability in the PAN-OS management web interface allows authenticated admins to disrupt system processes and execute arbitrary code with root privileges.
  Vulnerable Versions:
  PAN-OS 8.1 versions prior to PAN-OS 8.1.16
  PAN-OS 9.0 versions prior to PAN-OS 9.0.10
  PAN-OS 9.1 versions prior to PAN-OS 9.1.4
  PAN-OS 10.0 versions prior to PAN-OS 10.0.1
  Patched Versions:
  Customers are advised to patch their vulnerable assets with the recently released PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.
- CVE-2020-2022: Panorama session disclosure during a context switch into the managed device
  This issue is addressed in PAN-125218. An information disclosure vulnerability discloses the token for the Panorama web interface admin’s session to a managed device when the admin performs a context switch into that device.
  Vulnerable Versions:
  PAN-OS 8.1 versions prior to PAN-OS 8.1.17
  PAN-OS 9.0 versions prior to PAN-OS 9.0.11
  PAN-OS 9.1 versions prior to PAN-OS 9.1.5
  Patched Versions:
  Customers are advised to patch their vulnerable assets with the recently released PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.
- CVE-2020-2050: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate verification
  This issue is addressed in PAN-146650. An authentication bypass vulnerability in the GlobalProtect SSL VPN allows attackers to bypass all client certificate checks with an invalid certificate. Attackers can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication.
  Vulnerable Versions:
  PAN-OS 8.1 versions prior to PAN-OS 8.1.17
  PAN-OS 9.0 versions prior to PAN-OS 9.0.11
  PAN-OS 9.1 versions prior to PAN-OS 9.1.5
  PAN-OS 10.0 versions prior to PAN-OS 10.0.1
  Patched Versions:
  Customers are advised to patch their vulnerable assets with the recently released PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, PAN-OS 10.0.1, and all later PAN-OS versions.
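For patch triage, the version ranges listed above can be checked against a firewall inventory. The following is an added example, not code from Palo Alto Networks or Qualys. The function names and sample host names are hypothetical, and it assumes a hotfix suffix such as "-h1" does not change which side of a fixed release a version falls on.

```python
import re

# First fixed maintenance release per branch, copied from the list above.
# None means the page lists every release on that branch as vulnerable.
FIXED = {
    "CVE-2020-2048": {"8.1": 17, "9.0": 11, "9.1": 2},
    "CVE-2020-1999": {"7.1": None, "8.0": None, "8.1": 17, "9.0": 11, "9.1": 5},
    "CVE-2020-2000": {"8.1": 16, "9.0": 10, "9.1": 4, "10.0": 1},
    "CVE-2020-2022": {"8.1": 17, "9.0": 11, "9.1": 5},
    "CVE-2020-2050": {"8.1": 17, "9.0": 11, "9.1": 5, "10.0": 1},
}

# major.minor.maintenance with an optional hotfix suffix such as "-h1".
VERSION_RE = re.compile(r"^(\d+\.\d+)\.(\d+)(?:-h\d+)?$")


def parse_version(text):
    """Split '9.0.11-h1' into ('9.0', 11); the hotfix suffix is ignored (assumption)."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return match.group(1), int(match.group(2))


def affected_cves(version):
    """Return the CVEs from this page whose vulnerable range covers `version`."""
    branch, maintenance = parse_version(version)
    hits = []
    for cve, branches in FIXED.items():
        if branch not in branches:
            continue  # branch not listed for this CVE on the page
        fixed = branches[branch]
        if fixed is None or maintenance < fixed:
            hits.append(cve)
    return sorted(hits)


def triage(inventory):
    """Map each host to its list of applicable CVEs."""
    return {host: affected_cves(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {"fw-edge-01": "9.1.3", "fw-dc-02": "9.0.11-h1",
          "panorama-01": "10.0.0", "fw-lab-03": "8.0.20"}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        print(f"{host}: {', '.join(cves) or 'not listed as affected'}")
```

A branch that a CVE entry does not mention is reported as not listed, which reflects only what this page states and not a confirmation that the branch is unaffected.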
Qualys Detection
Qualys customers can scan their network with QIDs 13429, 13948, 13584, 13523, and 13984 to detect vulnerable assets. Kindly continue to follow Qualys Threat Protection for more coverage on these vulnerabilities.
References and Sources
https://security.paloaltonetworks.com/CVE-2020-2048
https://security.paloaltonetworks.com/CVE-2020-1999
https://security.paloaltonetworks.com/CVE-2020-2000
https://security.paloaltonetworks.com/CVE-2020-2022
https://security.paloaltonetworks.com/CVE-2020-2050