CVE-2020-2015

Description

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Palo Alto Networks / pan-os8.0.* – 8.0.*
Palo Alto Networks / pan-os9.0 – 9.0.7
Palo Alto Networks / pan-os7.1 – 7.1.26
Palo Alto Networks / pan-os8.1 – 8.1.13
Palo Alto Networks / pan-os9.1 – 9.1.1

References

MISChttps://security.paloaltonetworks.com/CVE-2020-2015