CVE-2020-2038

Опубликовано: 09 сент. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Высокий

Описание

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.

Ссылки

http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://security.paloaltonetworks.com/CVE-2020-2038
Vendor Advisory
http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://security.paloaltonetworks.com/CVE-2020-2038
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 9.0.0 (включая) до 9.0.10 (исключая)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 9.1.0 (включая) до 9.1.4 (исключая)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.0.1 (исключая)

EPSS

Процентиль: 99%

0.88016

Высокий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-qq25-3qfm-wpjj

CVSS3: 7.2

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.88016

Высокий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78