admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE updates from Palo Alto Networks June Patch Wednesday

Browse Source 
- CVE updates from Palo Alto Networks June Patch Wednesday
- Two CVE IDs assigned by our researchers for Kata Containers
- Update version numbers on older assignments.
This commit is contained in:
Chandan 2020-06-10 09:29:29 -07:00
parent d2ee18f2f9
commit 8559b0683b
No known key found for this signature in database
GPG Key ID: 76A1F9BB8C9E02F5
13 changed files with 906 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2020/1xxx/CVE-2020-1994.json
View File

@ -50,11 +50,6 @@
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
}
]
}
@ -79,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7."
"value": "A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7.\n"
}
]
},
@ -117,16 +112,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1994",
"name": "https://security.paloaltonetworks.com/CVE-2020-1994"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1994"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, PAN-OS 9.2.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
}
],
"source": {

14
2020/2xxx/CVE-2020-2010.json
View File

@ -41,11 +41,6 @@
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
},
{
"version_affected": "=",
"version_name": "8.0",
@ -79,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7."
"value": "An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7."
}
]
},
@ -117,16 +112,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2010",
"name": "https://security.paloaltonetworks.com/CVE-2020-2010"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2010"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0, PAN-OS 9.2.0 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
"value": "This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
}
],
"source": {

14
2020/2xxx/CVE-2020-2012.json
View File

@ -41,11 +41,6 @@
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
},
{
"version_affected": "=",
"version_name": "8.0",
@ -79,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7."
"value": "Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n"
}
]
},
@ -117,16 +112,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2012",
"name": "https://security.paloaltonetworks.com/CVE-2020-2012"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2012"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, PAN-OS 9.2.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
}
],
"source": {

14
2020/2xxx/CVE-2020-2015.json
View File

@ -56,11 +56,6 @@
"version_name": "9.1",
"version_value": "9.1.1"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
},
{
"version_affected": "=",
"version_name": "8.0",
@ -89,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0."
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n"
}
]
},
@ -127,16 +122,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015",
"name": "https://security.paloaltonetworks.com/CVE-2020-2015"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.1, PAN-OS 9.2.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
}
],
"source": {

14
2020/2xxx/CVE-2020-2016.json
View File

@ -55,11 +55,6 @@
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
}
]
}
@ -88,7 +83,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
}
]
},
@ -132,16 +127,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016",
"name": "https://security.paloaltonetworks.com/CVE-2020-2016"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, PAN-OS 9.2.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
}
],
"source": {

14
2020/2xxx/CVE-2020-2017.json
View File

@ -55,11 +55,6 @@
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "!>=",
"version_name": "9.2",
"version_value": "9.2.0"
}
]
}
@ -84,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
}
]
},
@ -122,16 +117,15 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017",
"name": "https://security.paloaltonetworks.com/CVE-2020-2017"
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, PAN-OS 9.2.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
}
],
"source": {

127
2020/2xxx/CVE-2020-2023.json
View File

@ -1,18 +1,133 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kata Containers - Containers have access to the guest root filesystem device"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kata Containers",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11",
"version_value": "1.11.1"
},
{
"version_affected": "<",
"version_name": "1.10",
"version_value": "1.10.5"
},
{
"version_affected": "<=",
"version_name": "1",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Kata Containers"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Affects QEMU and Cloud Hypervisor guests on the default configuration. Doesn't affect initrd (initramfs) based guests. Requires the container to have CAP_SYS_MKNOD, the default in Docker and Kubernetes with containerd, but not in Kubernetes with CRI-O."
}
],
"credit": [
{
"lang": "eng",
"value": "Yuval Avrahami, Palo Alto Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2477"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/issues/2488"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2487"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/agent/issues/791"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/agent/pull/792"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

115
2020/2xxx/CVE-2020-2026.json
View File

@ -1,18 +1,121 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kata Containers - Guests can trick the kata-runtime into mounting the container image on any host path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kata Containers",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11",
"version_value": "1.11.1"
},
{
"version_affected": "<",
"version_name": "1.10",
"version_value": "1.10.5"
},
{
"version_affected": "<=",
"version_name": "1",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Kata Containers"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Affects QEMU and Cloud Hypervisor based guests."
}
],
"credit": [
{
"lang": "eng",
"value": "Yuval Avrahami, Palo Alto Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects:\nKata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/issues/2712"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2713"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

139
2020/2xxx/CVE-2020-2027.json
View File

@ -1,18 +1,143 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PAN-OS: Buffer overflow in authd authentication response"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.7"
},
{
"version_affected": "!>=",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "!>=",
"version_name": "9.0",
"version_value": "9.0.7"
},
{
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "=",
"version_name": "7.1",
"version_value": "7.1.*"
},
{
"version_affected": "=",
"version_name": "8.0",
"version_value": "8.0.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.\nThis issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2027"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions."
},
{
"lang": "eng",
"value": "PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.\n"
}
],
"source": {
"defect": [
"CYR-10833"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2020-06-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
}
]
}

145
2020/2xxx/CVE-2020-2028.json
View File

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.7"
},
{
"version_affected": "!>=",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "!>=",
"version_name": "9.0",
"version_value": "9.0.7"
},
{
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
},
{
"version_affected": "=",
"version_name": "7.1",
"version_value": "7.1.*"
},
{
"version_affected": "=",
"version_name": "8.0",
"version_value": "8.0.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode.\nThis issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.\n"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2028"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions."
},
{
"lang": "eng",
"value": "PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
}
],
"source": {
"defect": [
"PAN-125804"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2020-06-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
}
]
}

145
2020/2xxx/CVE-2020-2029.json
View File

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PAN-OS: OS command injection vulnerability in management interface certificate generator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.1",
"version_value": "7.1.26"
},
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "!>=",
"version_name": "9.0",
"version_value": "9.0.0"
},
{
"version_affected": "!>=",
"version_name": "7.1",
"version_value": "7.1.26"
},
{
"version_affected": "=",
"version_name": "8.0",
"version_value": "8.0.*"
},
{
"version_affected": "!>=",
"version_name": "8.1",
"version_value": "8.1.13"
},
{
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.0"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Przemysław Kowalski of STM Solutions for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration.\nThis issue affects:\nAll versions of PAN-OS 8.0;\nPAN-OS 7.1 versions earlier than PAN-OS 7.1.26;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2029"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, and all later PAN-OS versions."
},
{
"lang": "eng",
"value": "PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.\n"
}
],
"source": {
"defect": [
"PAN-124621"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2020-06-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
}
]
}

124
2020/2xxx/CVE-2020-2032.json
View File

@ -1,18 +1,128 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"platform": "Windows",
"version_affected": "!>=",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.0",
"version_value": "5.0.10"
},
{
"platform": "Windows",
"version_affected": "!>=",
"version_name": "5.0",
"version_value": "5.0.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Rich Mirch of TeamARES from Critical Start Inc for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges.\nThis issue can be exploited only while performing a GlobalProtect app upgrade.\nThis issue affects:\nGlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows;\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2032"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10583"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2020-06-10T16:00:00.000Z",
"value": "Initial publication"
}
]
}

134
2020/2xxx/CVE-2020-2033.json
View File

@ -1,18 +1,138 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"version_affected": "<",
"version_name": "5.0",
"version_value": "5.0.10"
},
{
"version_affected": "!>=",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"version_affected": "!>=",
"version_name": "5.0",
"version_value": "5.0.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Tom Wyckhuys and Nabeel Ahmed from NTT Belgium for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users.\nThis issue affects:\nGlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled;\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2033"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10741"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2020-06-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "The impact of this vulnerability can be mitigated by decreasing the allowed timeout settings for the prelogon feature or disabling the feature in the GlobalProtect gateway."
}
]
}