CVE-2020-2034 : An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacke

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.

Published 2020-07-08 17:15:10

Updated 2020-07-14 17:44:41

Source Palo Alto Networks, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-2034

Probability of exploitation activity in the next 30 days: 66.70%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-2034

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	Palo Alto Networks, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-2034

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@paloaltonetworks.com (Secondary)

References for CVE-2020-2034

https://security.paloaltonetworks.com/CVE-2020-2034

CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
Vendor Advisory

Products affected by CVE-2020-2034

Paloaltonetworks » Pan-os
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.20
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 9.1.0 and before (<) 9.1.3
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 8.1.0 and before (<) 8.1.15
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 9.0.0 and before (<) 9.0.9
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 7.1.0 and up to, including, (<=) 7.1.26
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-2034

Exploit prediction scoring system (EPSS) score for CVE-2020-2034

CVSS scores for CVE-2020-2034

CWE ids for CVE-2020-2034

References for CVE-2020-2034

Products affected by CVE-2020-2034