Palo Alto PAN-OS up to 7.1.25/8.0.20/8.1.12/9.0.5 Authentication Daemon authentication spoofing

Summaryinfo

A vulnerability was found in Palo Alto PAN-OS up to 7.1.25/8.0.20/8.1.12/9.0.5 and classified as critical. This impacts an unknown function of the component Authentication Daemon. The manipulation results in authentication spoofing. This vulnerability was named CVE-2020-2002. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in Palo Alto PAN-OS up to 7.1.25/8.0.20/8.1.12/9.0.5 (Firewall Software). Affected is an unknown code of the component Authentication Daemon. The manipulation with an unknown input leads to a authentication spoofing vulnerability. CWE is classifying the issue as CWE-290. This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6.

The weakness was presented 05/13/2020. This vulnerability is traded as CVE-2020-2002 since 12/04/2019. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

Upgrading to version 7.1.26, 8.0.21, 8.1.13, 9.0.6 or 9.1.0 eliminates this vulnerability.

See VDB-155212, VDB-155211, VDB-155209 and VDB-155207 for similar entries. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Firewall Software

Vendor

• Palo Alto

Name

• PAN-OS

Version

• 7.1.0
• 7.1.1
• 7.1.2
• 7.1.3
• 7.1.4
• 7.1.5
• 7.1.6
• 7.1.7
• 7.1.8
• 7.1.9
• 7.1.10
• 7.1.11
• 7.1.12
• 7.1.13
• 7.1.14
• 7.1.15
• 7.1.16
• 7.1.17
• 7.1.18
• 7.1.19
• 7.1.20
• 7.1.21
• 7.1.22
• 7.1.23
• 7.1.24
• 7.1.25
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.0.20
• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 9.0.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.0.4
• 9.0.5

License

• commercial

Website

• Vendor: https://www.paloaltonetworks.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion