Palo Alto PAN-OS up to 7.1/8.0/8.1.12/9.0.6 Management Server Certificate os command injection

Summaryinfo

A vulnerability, which was classified as critical, was found in Palo Alto PAN-OS up to 7.1/8.0/8.1.12/9.0.6. Affected by this vulnerability is an unknown functionality of the component Management Server. Executing a manipulation as part of Certificate can lead to os command injection. This vulnerability appears as CVE-2020-2028. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Palo Alto PAN-OS up to 7.1/8.0/8.1.12/9.0.6 (Firewall Software). It has been declared as critical. This vulnerability affects some unknown functionality of the component Management Server. The manipulation as part of a Certificate leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.

The weakness was presented 06/10/2020. This vulnerability was named CVE-2020-2028 since 12/04/2019. The attack can be initiated remotely. Additional levels of successful authentication are necessary for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1202.

Upgrading to version 8.1.13 or 9.0.7 eliminates this vulnerability.

See VDB-156509 and VDB-156507 for similar entries. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Palo Alto

Name

• PAN-OS

Version

• 7.0
• 7.1
• 8.0
• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 9.0.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.0.4
• 9.0.5
• 9.0.6

License

• commercial

Website

• Vendor: https://www.paloaltonetworks.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion