vulnerability

PAN-OS: Panorama management server log injection

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	May 13, 2020	Jun 18, 2020	Oct 5, 2020

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

May 13, 2020

Added

Jun 18, 2020

Modified

Oct 5, 2020

Description

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.

Solutions

palo-alto-networks-pan-os-upgrade-7-1palo-alto-networks-pan-os-upgrade-8-0palo-alto-networks-pan-os-upgrade-8-1palo-alto-networks-pan-os-upgrade-9-0

References

CVE-2020-1996
https://attackerkb.com/topics/CVE-2020-1996
URL-https://security.paloaltonetworks.com/CVE-2020-1996

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today