{
  "id": "CVE-2020-1998",
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "published": "2020-05-13T19:15:12.800",
  "lastModified": "2020-05-19T16:05:31.470",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n incorrecta en PAN-OS que utiliza por error los permisos de los usuarios locales de Linux en lugar de los permisos SAML previstos de la cuenta cuando el nombre de usuario se comparte con fines de autenticaci\u00f3n SSO. Esto puede provocar la omisi\u00f3n de autenticaci\u00f3n y el acceso no deseado a los recursos para el usuario. Este problema afecta: PAN-OS 7.1 versiones anteriores a la versi\u00f3n 7.1.26; PAN-OS 8.1 versiones anteriores a la versi\u00f3n  8.1.13; PAN-OS 9.0 versiones anteriores a la versi\u00f3n  9.0.6; PAN-OS 9.1 versiones anteriores a la versi\u00f3n  9.1.1; Todas las versiones de PAN-OS 8.0."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    },
    {
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.1.0",
              "versionEndExcluding": "7.1.26",
              "matchCriteriaId": "C7F96FF9-52CD-4906-A742-AA418D5015C0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.0.0",
              "versionEndIncluding": "8.0.20",
              "matchCriteriaId": "2BEFBF38-AF84-4477-A6B9-5BDD51D54F4F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.1.0",
              "versionEndExcluding": "8.1.13",
              "matchCriteriaId": "FE88801C-4736-4FCF-90A4-4B4D72774502"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "9.0.0",
              "versionEndExcluding": "9.0.6",
              "matchCriteriaId": "B6B860AF-A793-4ED4-8D35-1D69E2F16A3E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "9.1.0",
              "versionEndExcluding": "9.1.1",
              "matchCriteriaId": "34E02751-66F9-4DD7-A2DD-DE2DBBFFDCDD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.paloaltonetworks.com/CVE-2020-1998",
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}