From ee2a453058285a6cf05842d5ffb2a8a8ac83abab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 29 Jun 2020 16:01:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15315.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15316.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15317.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15318.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15319.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15320.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15321.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15322.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15323.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15324.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15366.json | 18 ++++++++++ 2020/2xxx/CVE-2020-2021.json | 7 ++-- 12 files changed, 572 insertions(+), 63 deletions(-) create mode 100644 2020/15xxx/CVE-2020-15366.json diff --git a/2020/15xxx/CVE-2020-15315.json b/2020/15xxx/CVE-2020-15315.json index 846138cf0d3..7c3429e0d80 100644 --- a/2020/15xxx/CVE-2020-15315.json +++ b/2020/15xxx/CVE-2020-15315.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15315", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15315", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15316.json b/2020/15xxx/CVE-2020-15316.json index 806f8b335f5..a386a0b1fe1 100644 --- a/2020/15xxx/CVE-2020-15316.json +++ b/2020/15xxx/CVE-2020-15316.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15316", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15316", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15317.json b/2020/15xxx/CVE-2020-15317.json index e9a031c5c0a..7a6283c7cf4 100644 --- a/2020/15xxx/CVE-2020-15317.json +++ b/2020/15xxx/CVE-2020-15317.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15317", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15317", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15318.json b/2020/15xxx/CVE-2020-15318.json index 055bd5833ef..1507b916e3d 100644 --- a/2020/15xxx/CVE-2020-15318.json +++ b/2020/15xxx/CVE-2020-15318.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15318", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15318", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15319.json b/2020/15xxx/CVE-2020-15319.json index ab3d5772e31..ce41877ee2d 100644 --- a/2020/15xxx/CVE-2020-15319.json +++ b/2020/15xxx/CVE-2020-15319.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15319", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15319", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15320.json b/2020/15xxx/CVE-2020-15320.json index 704b5c8e85a..b95a5136c2f 100644 --- a/2020/15xxx/CVE-2020-15320.json +++ b/2020/15xxx/CVE-2020-15320.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15320", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15320", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15321.json b/2020/15xxx/CVE-2020-15321.json index a5db297933f..6207f6add76 100644 --- a/2020/15xxx/CVE-2020-15321.json +++ b/2020/15xxx/CVE-2020-15321.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15321", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15321", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15322.json b/2020/15xxx/CVE-2020-15322.json index c5605d9dce5..c735f996256 100644 --- a/2020/15xxx/CVE-2020-15322.json +++ b/2020/15xxx/CVE-2020-15322.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15322", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15322", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15323.json b/2020/15xxx/CVE-2020-15323.json index fa18b5cb911..3e02d6d4f8d 100644 --- a/2020/15xxx/CVE-2020-15323.json +++ b/2020/15xxx/CVE-2020-15323.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15324.json b/2020/15xxx/CVE-2020-15324.json index d4a37897935..8969d12f294 100644 --- a/2020/15xxx/CVE-2020-15324.json +++ b/2020/15xxx/CVE-2020-15324.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15324", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15324", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" } ] } diff --git a/2020/15xxx/CVE-2020-15366.json b/2020/15xxx/CVE-2020-15366.json new file mode 100644 index 00000000000..da0a86d2509 --- /dev/null +++ b/2020/15xxx/CVE-2020-15366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2021.json b/2020/2xxx/CVE-2020-2021.json index 5fe7243fb42..ef5b2fe2c2b 100644 --- a/2020/2xxx/CVE-2020-2021.json +++ b/2020/2xxx/CVE-2020-2021.json @@ -85,7 +85,7 @@ "description_data": [ { "lang": "eng", - "value": "When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.\n\nThis issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.\n\nThis issue cannot be exploited if SAML is not used for authentication. \n\nThis issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile.\n\nResources that can be protected by SAML-based single sign-on (SSO) authentication are: \n GlobalProtect Gateway,\n GlobalProtect Portal,\n GlobalProtect Clientless VPN,\n Authentication and Captive Portal,\n PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,\n Prisma Access\n\nIn the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).\n\nIn the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\n\nPalo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n" + "value": "When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability." } ] }, @@ -129,8 +129,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2021" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2021", + "name": "https://security.paloaltonetworks.com/CVE-2020-2021" } ] },